QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-2683

Back to search

CVE-2014-2683

Published: Nov 16, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532.

VendorProductVersions

n/a

n/a

affected
n/a

References

MDVSA-2014:072
vendor-advisory
x_refsource_MANDRIVA
66358
vdb-entry
x_refsource_BID
DSA-3265
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now