CVE-2014-6259

Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to CVE-2003-1564.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
zenosszenoss_core
𝑥
≤ 5.0.0
zenosszenoss_core
2.4.0
zenosszenoss_core
2.4.5
zenosszenoss_core
2.5.0
zenosszenoss_core
2.5.1
zenosszenoss_core
2.5.2
zenosszenoss_core
3.0.0
zenosszenoss_core
3.0.1
zenosszenoss_core
3.0.2
zenosszenoss_core
3.0.3
zenosszenoss_core
3.1.0
zenosszenoss_core
3.2.0
zenosszenoss_core
3.2.1
zenosszenoss_core
4.2.0
zenosszenoss_core
4.2.3
zenosszenoss_core
4.2.4
zenosszenoss_core
4.2.5
zenosszenoss_core
5.0.0
zenosszenoss_core
5.0.0:beta_1
zenosszenoss_core
5.0.0:beta_2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/449452
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
http://www.kb.cert.org/vuls/id/449452
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing