CVE-2014-8088
published 2014-10-22

Priority: P3 / 37 / medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
EPSS: 2.50% (82.7th percentile)

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

Affected

22 ranges
Vendor | Product | Version range | Fixed in
zend | zend_framework | <= 1.12.7 |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zend | zend_framework | |
zendframework | zendframework | >= 2.0.0 < 2.0.99 | 2.0.99
zendframework | zendframework | >= 2.1.0 < 2.1.99 | 2.1.99
zendframework | zendframework | >= 2.2.0 < 2.2.8 | 2.2.8
zendframework | zendframework | >= 2.3.0 < 2.3.3 | 2.3.3
zendframework | zendframework1 | >= 1.12.0 < 1.12.9 | 1.12.9

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:N
osv: 5.0 MEDIUM