XML External Entity Vulnerability in Zend Framework by Zend Technologies
CVE-2014-2681

Currently unrated

Key Information:

Vendor: Zend
Status: Zendrest
Vendor: CVE Published:; 16 November 2014

What is CVE-2014-2681?

A vulnerability in Zend Framework prior to specified versions allows remote attackers to exploit XML External Entity issues. This can lead to unauthorized reading of local files, sending malicious HTTP requests to internal networks, and potentially causing a denial of service by consuming CPU and memory resources. The issue arises from an incomplete fix of a prior vulnerability, highlighting the necessity for regular updates and security checks.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://advisories.mageia.org/MGASA-2014-0151.html

x_refsource_CONFIRM

http://www.securityfocus.com/bid/66358

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2014
Vulnerability Reserved
Mar 30, 2014