Candidate: CVE-2014-2681
PublicDate: 2014-11-16 00:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
 http://framework.zend.com/security/advisory/ZF2014-01
Description:
 Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and
 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler,
 ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and
 ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and
 ZendService_Api before 1.0.0 allow remote attackers to read arbitrary
 files, send HTTP requests to intranet servers, and possibly cause a denial
 of service (CPU and memory consumption) via an XML External Entity (XXE)
 attack.  NOTE: this issue exists because of an incomplete fix for
 CVE-2012-5657.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743175
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_zendframework:
upstream_zendframework: released (1.12.4)
lucid_zendframework: ignored (reached end-of-life)
precise_zendframework: DNE
quantal_zendframework: DNE
saucy_zendframework: DNE
devel_zendframework: DNE