QwikSec

Security Database

CVE

CWE

Training

CVE-2014-8088

Published: Oct 22, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2014-12344

vendor-advisory

x_refsource_FEDORA

[oss-security] 20141010 Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06

mailing-list

x_refsource_MLIST

FEDORA-2014-12418

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_BID

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

zend-framework-cve20148088-sec-bypass(97038)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.