Candidate: CVE-2014-2683
PublicDate: 2014-11-16 00:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
 http://framework.zend.com/security/advisory/ZF2014-01
Description:
 Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and
 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler,
 ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and
 ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and
 ZendService_Api before 1.0.0 allow remote attackers to cause a denial of
 service (CPU consumption) via (1) recursive or (2) circular references in
 an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity
 Expansion (XEE) attack.  NOTE: this issue exists because of an incomplete
 fix for CVE-2012-6532.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743175
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_zendframework:
upstream_zendframework: released (1.12.4, 2.1.6, 2.2.6)
lucid_zendframework: ignored (reached end-of-life)
precise_zendframework: DNE
quantal_zendframework: DNE
saucy_zendframework: DNE
devel_zendframework: DNE