CVE-2014-2681

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.  NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
zendzendrest
𝑥
≤ 2.0.1
zendzend_framework
𝑥
< 1.12.4
zendzend_framework
2.1.0 ≤
𝑥
< 2.1.6
zendzend_framework
2.2.0 ≤
𝑥
< 2.2.6
zendzendservice_slideshare
𝑥
≤ 2.0.1
zendzendservice_api
𝑥
≤ 1.0.0
zendzendservice_audioscrobbler
𝑥
≤ 2.0.1
zendzendservice_amazon
𝑥
≤ 2.0.2
zendzendservice_technorati
𝑥
≤ 2.0.1
zendzendservice_windowsazure
𝑥
≤ 2.0.1
zendzendopenid
𝑥
≤ 2.0.1
zendzendservice_nirvanix
𝑥
≤ 2.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zendframework
lucid
ignored
precise
dne
quantal
dne
saucy
dne
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
php-ZendFramework
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Auth-Adapter-Ldap
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Cache-Backend-Apc
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Cache-Backend-Libmemcached
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Cache-Backend-Memcached
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Captcha
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Db-Adapter-Mysqli
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Db-Adapter-Pdo
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Db-Adapter-Pdo-Mssql
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Db-Adapter-Pdo-Mysql
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Db-Adapter-Pdo-Pgsql
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Dojo
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Feed
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Ldap
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Pdf
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Search-Lucene
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Serializer-Adapter-Igbinary
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Services
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-Soap
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-demos
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-extras
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
php-ZendFramework-full
Amazon Linux 1
0:1.12.5-1.8.amzn1
fixed
Common Weakness Enumeration