Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to CVE-2003-1564.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zenoss 拒绝服务漏洞
Vulnerability Description
Zenoss Core是美国Zenoss公司的一套开源的企业级IT管理和监控软件。该软件通过单一的Web控制台监控网络架构的状态和健康指数。 Zenoss Core 5 Beta 3及之前版本中存在安全漏洞,该漏洞源于程序在实体扩展时没有检查递归。远程攻击者可借助带有大量嵌套实体引用的XML文档利用该漏洞造成拒绝服务(CPU和内存消耗)。
CVSS Information
N/A
Vulnerability Type
N/A