CVE-2014-2684
- EPSS 0.57%
- Veröffentlicht 16.11.2014 00:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provide...
- EPSS 2.98%
- Veröffentlicht 16.11.2014 00:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2....
CVE-2014-2682
- EPSS 1.83%
- Veröffentlicht 16.11.2014 00:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2....
CVE-2014-2681
- EPSS 3.45%
- Veröffentlicht 16.11.2014 00:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2....
CVE-2014-2685
- EPSS 0.84%
- Veröffentlicht 04.09.2014 17:55:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remot...