CVE-2014-8088

Zend Framework < 1.12.7 - Authentication Bypass

Title source: rule

Description

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

Scores

EPSS 0.0061
EPSS Percentile 69.4%

Classification

CWE
CWE-287
Status draft

Affected Products (23)

zend/zend_framework < 1.12.7
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
zend/zend_framework
... and 8 more

Timeline

Published Oct 22, 2014
Tracked Since Feb 18, 2026