CVE-2014-2681

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:zend:zendrest:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:zend:zendservice_slideshare:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:zend:zendservice_api:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:zend:zendservice_audioscrobbler:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:zend:zendservice_amazon:*:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:zend:zendservice_technorati:*:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:a:zend:zendservice_windowsazure:*:*:*:*:*:*:*:*

Configuration 9 (hide)

cpe:2.3:a:zend:zendopenid:*:*:*:*:*:*:*:*

Configuration 10 (hide)

cpe:2.3:a:zend:zendservice_nirvanix:*:*:*:*:*:*:*:*

Information

Published : 2014-11-15 16:59

Updated : 2019-07-16 05:21


NVD link : CVE-2014-2681

Mitre link : CVE-2014-2681


JSON object : View

CWE
CWE-19

Data Processing Errors

Advertisement

dedicated server usa

Products Affected

zend

  • zendrest
  • zendservice_api
  • zendservice_windowsazure
  • zendservice_amazon
  • zend_framework
  • zendopenid
  • zendservice_technorati
  • zendservice_audioscrobbler
  • zendservice_slideshare
  • zendservice_nirvanix