CVE-2014-2685

Affected configuration(s):

cpe:/a:zend:zend_framework:1.0.0
cpe:/a:zend:zend_framework:1.0.0:rc1
cpe:/a:zend:zend_framework:1.0.0:rc2
cpe:/a:zend:zend_framework:1.0.0:rc2a
cpe:/a:zend:zend_framework:1.0.0:rc3
cpe:/a:zend:zend_framework:1.0.1
cpe:/a:zend:zend_framework:1.0.2
cpe:/a:zend:zend_framework:1.0.3
cpe:/a:zend:zend_framework:1.0.4
cpe:/a:zend:zend_framework:1.5.0
cpe:/a:zend:zend_framework:1.5.0:pl
cpe:/a:zend:zend_framework:1.5.0:pr
cpe:/a:zend:zend_framework:1.5.0:rc1
cpe:/a:zend:zend_framework:1.5.0:rc2
cpe:/a:zend:zend_framework:1.5.0:rc3
cpe:/a:zend:zend_framework:1.5.1
cpe:/a:zend:zend_framework:1.5.2
cpe:/a:zend:zend_framework:1.5.3
cpe:/a:zend:zend_framework:1.6.0
cpe:/a:zend:zend_framework:1.6.0:rc1
cpe:/a:zend:zend_framework:1.6.0:rc2
cpe:/a:zend:zend_framework:1.6.0:rc3
cpe:/a:zend:zend_framework:1.6.1
cpe:/a:zend:zend_framework:1.6.2
cpe:/a:zend:zend_framework:1.7.0
cpe:/a:zend:zend_framework:1.7.0:pl1
cpe:/a:zend:zend_framework:1.7.0:pr
cpe:/a:zend:zend_framework:1.7.1
cpe:/a:zend:zend_framework:1.7.2
cpe:/a:zend:zend_framework:1.7.3
cpe:/a:zend:zend_framework:1.7.3:pl1
cpe:/a:zend:zend_framework:1.7.4
cpe:/a:zend:zend_framework:1.7.5
cpe:/a:zend:zend_framework:1.7.6
cpe:/a:zend:zend_framework:1.7.7
cpe:/a:zend:zend_framework:1.7.8
cpe:/a:zend:zend_framework:1.7.9
cpe:/a:zend:zend_framework:1.8.0
cpe:/a:zend:zend_framework:1.8.0:a1
cpe:/a:zend:zend_framework:1.8.0:b1
cpe:/a:zend:zend_framework:1.8.1
cpe:/a:zend:zend_framework:1.8.2
cpe:/a:zend:zend_framework:1.8.3
cpe:/a:zend:zend_framework:1.8.4
cpe:/a:zend:zend_framework:1.8.4:pl1
cpe:/a:zend:zend_framework:1.8.5
cpe:/a:zend:zend_framework:1.9.0
cpe:/a:zend:zend_framework:1.9.0:a1
cpe:/a:zend:zend_framework:1.9.0:b1
cpe:/a:zend:zend_framework:1.9.0:rc1
cpe:/a:zend:zend_framework:1.9.1
cpe:/a:zend:zend_framework:1.9.2
cpe:/a:zend:zend_framework:1.9.3
cpe:/a:zend:zend_framework:1.9.3:pl1
cpe:/a:zend:zend_framework:1.9.4
cpe:/a:zend:zend_framework:1.9.5
cpe:/a:zend:zend_framework:1.9.6
cpe:/a:zend:zend_framework:1.9.7
cpe:/a:zend:zend_framework:1.9.8
cpe:/a:zend:zend_framework:1.10.0
cpe:/a:zend:zend_framework:1.10.0:alpha1
cpe:/a:zend:zend_framework:1.10.0:beta1
cpe:/a:zend:zend_framework:1.10.0:rc1
cpe:/a:zend:zend_framework:1.10.1
cpe:/a:zend:zend_framework:1.10.2
cpe:/a:zend:zend_framework:1.10.3
cpe:/a:zend:zend_framework:1.10.4
cpe:/a:zend:zend_framework:1.10.5
cpe:/a:zend:zend_framework:1.10.6
cpe:/a:zend:zend_framework:1.10.7
cpe:/a:zend:zend_framework:1.10.8
cpe:/a:zend:zend_framework:1.10.9
cpe:/a:zend:zend_framework:1.11.0
cpe:/a:zend:zend_framework:1.11.0:b1
cpe:/a:zend:zend_framework:1.11.0:rc1
cpe:/a:zend:zend_framework:1.11.1
cpe:/a:zend:zend_framework:1.11.2
cpe:/a:zend:zend_framework:1.11.3
cpe:/a:zend:zend_framework:1.11.4
cpe:/a:zend:zend_framework:1.11.5
cpe:/a:zend:zend_framework:1.11.6
cpe:/a:zend:zend_framework:1.11.7
cpe:/a:zend:zend_framework:1.11.8
cpe:/a:zend:zend_framework:1.11.9
cpe:/a:zend:zend_framework:1.11.10
cpe:/a:zend:zend_framework:1.11.11
cpe:/a:zend:zend_framework:1.11.12
cpe:/a:zend:zend_framework:1.11.13
cpe:/a:zend:zend_framework:1.12.0
cpe:/a:zend:zend_framework:1.12.0:rc1
cpe:/a:zend:zend_framework:1.12.0:rc2
cpe:/a:zend:zend_framework:1.12.0:rc3
cpe:/a:zend:zend_framework:1.12.0:rc4
cpe:/a:zend:zend_framework:1.12.1
cpe:/a:zend:zend_framework:1.12.2
cpe:/a:zend:zend_framework:1.12.3
cpe:/a:zend:zendopenid:2.0.1

Date published: 2014-09-04T13:55:04.747-04:00

Date last modified: 2017-11-03T21:29:01.020-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://advisories.mageia.org/MGASA-2014-0151.html

Summary: The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
