CVE-2014-8088
Published 2014-10-22
Priority: P3 37 | Severity: medium | CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 2.50% (82.7th percentile)
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zend | zend_framework | <= 1.12.7 | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zend | zend_framework | — | — |
| zendframework | zendframework | >= 2.0.0 < 2.0.99 | 2.0.99 |
| zendframework | zendframework | >= 2.1.0 < 2.1.99 | 2.1.99 |
| zendframework | zendframework | >= 2.2.0 < 2.2.8 | 2.2.8 |
| zendframework | zendframework | >= 2.3.0 < 2.3.3 | 2.3.3 |
| zendframework | zendframework1 | >= 1.12.0 < 1.12.9 | 1.12.9 |
CVSS provenance
nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:N
osv: 5.0 MEDIUM
GHSA
Zend Access Restriction Bypass
ghsa·2022-05-17
CVE-2014-8088 [MEDIUM] CWE-287 Zend Access Restriction Bypass
OSV
Zend Access Restriction Bypass
osv·2022-05-17
CVE-2014-8088 [MEDIUM] Zend Access Restriction Bypass
OSV
CVE-2014-8088: The (1) Zend_Ldap class in Zend before 1
osv·2014-10-22·CVSS 5.0
CVE-2014-8088 [MEDIUM] CVE-2014-8088: The (1) Zend_Ldap class in Zend before 1
No detection rules found.
No public exploits indexed.
References
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html
http://www.debian.org/security/2015/dsa-3265
http://www.openwall.com/lists/oss-security/2014/10/10/5
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/70378
https://exchange.xforce.ibmcloud.com/vulnerabilities/97038
Published: 2014-10-22