CVE-2014-6259

Published: Dec 15, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to CVE-2003-1564.

Affected (20)

Products: Zenoss: Zenoss Core

Zenoss

1 product

Zenoss Core

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Zenoss Zenoss Core	Up to 5.0.0
Zenoss Zenoss Core	Version 2.4.0
Zenoss Zenoss Core	Version 2.4.5
Zenoss Zenoss Core	Version 2.5.0
Zenoss Zenoss Core	Version 2.5.1
Zenoss Zenoss Core	Version 2.5.2
Zenoss Zenoss Core	Version 3.0.0
Zenoss Zenoss Core	Version 3.0.1
Zenoss Zenoss Core	Version 3.0.2
Zenoss Zenoss Core	Version 3.0.3
Zenoss Zenoss Core	Version 3.1.0
Zenoss Zenoss Core	Version 3.2.0
Zenoss Zenoss Core	Version 3.2.1
Zenoss Zenoss Core	Version 4.2.0
Zenoss Zenoss Core	Version 4.2.3
Zenoss Zenoss Core	Version 4.2.4
Zenoss Zenoss Core	Version 4.2.5
Zenoss Zenoss Core	Version 5.0.0
Zenoss Zenoss Core	Version 5.0.0 beta_1
Zenoss Zenoss Core	Version 5.0.0 beta_2

Related CWEs

CWE-399

References (4)

http://www.kb.cert.org/vuls/id/449452

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: cve@mitre.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/449452

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.