Vulnerability in Zend Zend_framework
CVE-2014-2684
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as…
EPSS: 0.006 (69.1th percentile)
Affected products
- Zend Zend_framework
- Zend Zendopenid
References
- [oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02 (mailing-list, x_refsource_MLIST)
- MDVSA-2014:072 (vendor-advisory, x_refsource_MANDRIVA)
- cve@mitre.org (x_refsource_CONFIRM)
- 66358 (vdb-entry, x_refsource_BID)
- DSA-3265 (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)