CVE-2014-2685
04.09.2014, 17:55
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.Enginsight
| Vendor | Product | Version |
|---|---|---|
| zend | zend_framework | 𝑥 ≤ 1.12.3 |
| zend | zend_framework | 1.0.0 |
| zend | zend_framework | 1.0.0:rc1 |
| zend | zend_framework | 1.0.0:rc2 |
| zend | zend_framework | 1.0.0:rc2a |
| zend | zend_framework | 1.0.0:rc3 |
| zend | zend_framework | 1.0.1 |
| zend | zend_framework | 1.0.2 |
| zend | zend_framework | 1.0.3 |
| zend | zend_framework | 1.0.4 |
| zend | zend_framework | 1.5.0 |
| zend | zend_framework | 1.5.0:pl |
| zend | zend_framework | 1.5.0:pr |
| zend | zend_framework | 1.5.0:rc1 |
| zend | zend_framework | 1.5.0:rc2 |
| zend | zend_framework | 1.5.0:rc3 |
| zend | zend_framework | 1.5.1 |
| zend | zend_framework | 1.5.2 |
| zend | zend_framework | 1.5.3 |
| zend | zend_framework | 1.6.0 |
| zend | zend_framework | 1.6.0:rc1 |
| zend | zend_framework | 1.6.0:rc2 |
| zend | zend_framework | 1.6.0:rc3 |
| zend | zend_framework | 1.6.1 |
| zend | zend_framework | 1.6.2 |
| zend | zend_framework | 1.7.0 |
| zend | zend_framework | 1.7.0:pl1 |
| zend | zend_framework | 1.7.0:pr |
| zend | zend_framework | 1.7.1 |
| zend | zend_framework | 1.7.2 |
| zend | zend_framework | 1.7.3 |
| zend | zend_framework | 1.7.3:pl1 |
| zend | zend_framework | 1.7.4 |
| zend | zend_framework | 1.7.5 |
| zend | zend_framework | 1.7.6 |
| zend | zend_framework | 1.7.7 |
| zend | zend_framework | 1.7.8 |
| zend | zend_framework | 1.7.9 |
| zend | zend_framework | 1.8.0 |
| zend | zend_framework | 1.8.0:a1 |
| zend | zend_framework | 1.8.0:b1 |
| zend | zend_framework | 1.8.1 |
| zend | zend_framework | 1.8.2 |
| zend | zend_framework | 1.8.3 |
| zend | zend_framework | 1.8.4 |
| zend | zend_framework | 1.8.4:pl1 |
| zend | zend_framework | 1.8.5 |
| zend | zend_framework | 1.9.0 |
| zend | zend_framework | 1.9.0:a1 |
| zend | zend_framework | 1.9.0:b1 |
| zend | zend_framework | 1.9.0:rc1 |
| zend | zend_framework | 1.9.1 |
| zend | zend_framework | 1.9.2 |
| zend | zend_framework | 1.9.3 |
| zend | zend_framework | 1.9.3:pl1 |
| zend | zend_framework | 1.9.4 |
| zend | zend_framework | 1.9.5 |
| zend | zend_framework | 1.9.6 |
| zend | zend_framework | 1.9.7 |
| zend | zend_framework | 1.9.8 |
| zend | zend_framework | 1.10.0 |
| zend | zend_framework | 1.10.0:alpha1 |
| zend | zend_framework | 1.10.0:beta1 |
| zend | zend_framework | 1.10.0:rc1 |
| zend | zend_framework | 1.10.1 |
| zend | zend_framework | 1.10.2 |
| zend | zend_framework | 1.10.3 |
| zend | zend_framework | 1.10.4 |
| zend | zend_framework | 1.10.5 |
| zend | zend_framework | 1.10.6 |
| zend | zend_framework | 1.10.7 |
| zend | zend_framework | 1.10.8 |
| zend | zend_framework | 1.10.9 |
| zend | zend_framework | 1.11.0 |
| zend | zend_framework | 1.11.0:b1 |
| zend | zend_framework | 1.11.0:rc1 |
| zend | zend_framework | 1.11.1 |
| zend | zend_framework | 1.11.2 |
| zend | zend_framework | 1.11.3 |
| zend | zend_framework | 1.11.4 |
| zend | zend_framework | 1.11.5 |
| zend | zend_framework | 1.11.6 |
| zend | zend_framework | 1.11.7 |
| zend | zend_framework | 1.11.8 |
| zend | zend_framework | 1.11.9 |
| zend | zend_framework | 1.11.10 |
| zend | zend_framework | 1.11.11 |
| zend | zend_framework | 1.11.12 |
| zend | zend_framework | 1.11.13 |
| zend | zend_framework | 1.12.0 |
| zend | zend_framework | 1.12.0:rc1 |
| zend | zend_framework | 1.12.0:rc2 |
| zend | zend_framework | 1.12.0:rc3 |
| zend | zend_framework | 1.12.0:rc4 |
| zend | zend_framework | 1.12.1 |
| zend | zend_framework | 1.12.2 |
| zend | zendopenid | 𝑥 ≤ 2.0.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References