Description

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Remediation

References

CVE-2014-2052

Related Vulnerabilities

Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5)

WordPress 4.6.x PHP Object Injection (4.6 - 4.6.20)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-27912)

Drupal Core 7.x Directory Traversal (7.0 - 7.81)

Ruby Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-1004)

Severity

Critical

Classification

CVE-2014-2052 CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities