CVSS2: 5 Medium
Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Zend Framework is vulnerable to Denial of Service (DoS) through XML Entity Expansion (XEE). The library calls the vulnerable methods DOMDocument, SimpleXML, and xml_parse, which are vulnerable to XML External Entity (XXE) injections and XEE.
CPE
Name | Operator | Version |
---|---|---|
zendframework/zendframework1 | le | 1.12.3 |
zendframework/zendframework | le | 2.1.5 |
zendframework/zendframework | le | 2.2.5 |
advisories.mageia.org/MGASA-2014-0151.html
framework.zend.com/security/advisory/ZF2014-01
seclists.org/oss-sec/2014/q2/0
www.debian.org/security/2015/dsa-3265
www.mandriva.com/security/advisories?name=MDVSA-2014:072
www.securityfocus.com/bid/66358