Denial of Service Vulnerability in Zend Framework by Zend Technologies
CVE-2014-2683

Currently unrated

Key Information:

Vendor

Zend

Status
Zendrest
Vendor
CVE Published:
16 November 2014

What is CVE-2014-2683?

The Zend Framework is susceptible to a denial of service attack due to improper handling of XML entity definitions. Attackers can exploit this via recursive or circular references in XML DOCTYPE declarations, which leads to significant CPU consumption. This vulnerability stems from an incomplete fix related to a previous issue (CVE-2012-6532), allowing remote attackers to disrupt service effectively.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/oss-sec/2014/q2/0
mailing-listx_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://advisories.mageia.org/MGASA-2014-0151.html
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.