Denial of Service Vulnerability in Zend Framework by Zend Technologies
CVE-2014-2683
Currently unrated
What is CVE-2014-2683?
The Zend Framework is susceptible to a denial of service attack due to improper handling of XML entity definitions. Attackers can exploit this via recursive or circular references in XML DOCTYPE declarations, which leads to significant CPU consumption. The issue exists because the fix for a previous vulnerability (CVE-2012-6532) was incomplete, and it allows remote attackers to disrupt service.
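One application-level mitigation for this class of issue is to refuse any untrusted XML that carries a DOCTYPE before it reaches the parser, so entity definitions are never processed. The following is an added example, not Zend Framework's own code or its patch; the function name `parseUntrustedXml` and the sample documents are hypothetical, and it assumes the application has no legitimate need for DTDs in incoming XML.

```php
<?php
// Added example, not Zend Framework code. Assumes incoming XML never needs a DTD.
function parseUntrustedXml(string $xml): DOMDocument
{
    if ($xml === '') {
        throw new InvalidArgumentException('Empty document');
    }
    // A byte-level scan only works on ASCII-compatible input. UTF-16/UTF-32
    // documents contain NUL bytes and would hide the markers, so refuse them.
    if (strpos($xml, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in input refused');
    }
    // XML keywords are case-sensitive, so an exact match is sufficient.
    if (strpos($xml, '<!DOCTYPE') !== false || strpos($xml, '<!ENTITY') !== false) {
        throw new InvalidArgumentException('DOCTYPE or ENTITY declaration refused');
    }

    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT (entity substitution)
    // is deliberately not set.
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if ($ok === false) {
        throw new InvalidArgumentException('Malformed XML');
    }
    // Backstop for exotic encodings that slipped past the byte scan.
    if ($doc->doctype !== null) {
        throw new InvalidArgumentException('DOCTYPE found after parsing');
    }
    return $doc;
}

// Constructed sample inputs: one plain document, one declaring an entity.
$samples = [
    'plain'   => '<?xml version="1.0"?><order><id>42</id></order>',
    'doctype' => '<?xml version="1.0"?><!DOCTYPE order [<!ENTITY a "x">]><order>&a;</order>',
];
foreach ($samples as $name => $xml) {
    try {
        parseUntrustedXml($xml);
        echo "$name: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

The string scan is a pre-parse filter and the `$doc->doctype` check is the second layer; neither replaces upgrading to a framework release that contains the complete fix.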