Lucene search
Veracode Vulnerability DatabaseVERACODE:4835HistoryJul 30, 2017 - 11:11 p.m.
Authentication Bypass
2017-07-3023:11:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
zendframework/zendframework1 and zendframework/zendopenid are vulnerable to authentication bypass. The consumer classes only ensure that at least one field is signed, allowing attackers to leverage this assertion to bypass authentication.
| CPE | Name | Operator | Version |
|---|---|---|---|
| zendframework/zendopenid | le | 2.0.1 | |
| zendframework/zendframework1 | le | 1.12.3 |
Related
cve
cve
CVE-2014-2685
2014-09-04 17:55:00
prion
prion
Authentication flaw
2014-09-04 17:55:00
ubuntucve
ubuntucve
CVE-2014-2685
2014-09-04 00:00:00
nessus
nessus
Zend Framework < 1.12.4 Multiple Vulnerabilities
2016-03-15 00:00:00
Fedora 19 : php-ZendFramework2-2.2.6-1.fc19 (2014-4636)
2014-04-15 00:00:00
Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2014:072)
2014-04-10 00:00:00
openvas
openvas
Fedora Update for php-ZendFramework FEDORA-2014-4603
2014-04-15 00:00:00
Fedora Update for php-ZendFramework FEDORA-2014-4651
2014-04-15 00:00:00
Fedora Update for php-ZendFramework2 FEDORA-2014-6540
2014-06-02 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: php-ZendFramework-1.12.5-1.fc20
2014-04-14 22:36:10
[SECURITY] Fedora 20 Update: php-ZendFramework2-2.2.6-1.fc20
2014-04-14 22:45:44
[SECURITY] Fedora 20 Update: php-ZendFramework2-2.2.7-1.fc20
2014-05-28 23:52:16
amazon
amazon
Important: php-ZendFramework
2014-07-23 13:39:00
mageia
mageia
Updated php-ZendFramework packages fix multiple vulnerabilities
2014-04-03 04:43:46
securityvulns
securityvulns
[ MDVSA-2014:072 ] php-ZendFramework
2014-05-05 00:00:00
[ MDVSA-2015:097 ] php-ZendFramework
2015-05-12 00:00:00
[SECURITY] [DSA 3265-1] zendframework security update
2015-06-08 00:00:00
osv
osv
zendframework - regression update
2015-05-20 00:00:00
zendframework - security update
2015-05-20 00:00:00
zendframework - security update
2015-06-23 00:00:00
debian
debian
[SECURITY] [DSA 3265-2] zendframework regression update
2015-05-24 11:55:24
[SECURITY] [DSA 3265-1] zendframework security update
2015-05-20 09:37:25
[SECURITY] [DLA 251-1] zendframework security update
2015-06-20 18:40:57
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for VERACODE:4835