PT-2014-7125 · Zenoss · Zenoss Core

Published: 2014-12-15 · Updated: 2016-03-21 · CVE-2014-6259

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Zenoss Core versions through 5 Beta 3

Description

The issue allows remote attackers to cause a denial of service due to memory and CPU consumption. This is achieved by sending a crafted XML document that contains a large number of nested entity references, which the software does not properly detect during entity expansion.

Recommendations

For Zenoss Core versions through 5 Beta 3, consider restricting the processing of XML documents to prevent excessive entity expansion until a proper fix is available. As a temporary workaround, limiting the size of XML documents or implementing rate limiting on incoming XML requests may help minimize the risk of denial of service attacks.
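
One way to apply the recommendation above where untrusted XML is received, as an added example (not Zenoss code and not a vendor fix): a pre-parse guard that caps document size and refuses any document that declares entities. The function names, the size limit and the sample documents are assumptions made for illustration.

```python
from xml.parsers import expat

MAX_XML_BYTES = 64 * 1024  # assumed cap; size it to the largest legitimate request


class UnsafeXML(ValueError):
    """Raised when a document is too large, declares entities, or is malformed."""


def check_untrusted_xml(data: bytes, max_bytes: int = MAX_XML_BYTES) -> None:
    """Hypothetical pre-parse guard: raises UnsafeXML, otherwise returns None."""
    if len(data) > max_bytes:
        raise UnsafeXML(f"document is {len(data)} bytes, limit is {max_bytes}")

    def refuse_entity(name, is_parameter_entity, value, base,
                      system_id, public_id, notation_name):
        # Called for every <!ENTITY ...> declaration, before any reference
        # to it is expanded, so nested definitions never get to grow.
        raise UnsafeXML(f"entity declaration not allowed: {name!r}")

    parser = expat.ParserCreate()
    parser.EntityDeclHandler = refuse_entity
    try:
        parser.Parse(data, True)  # True: this is the final (only) chunk
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc


def is_acceptable(data: bytes) -> bool:
    """True if the document may be handed on to the real XML consumer."""
    try:
        check_untrusted_xml(data)
        return True
    except UnsafeXML:
        return False


# Constructed sample inputs (not taken from the advisory).
PLAIN = b"<event><summary>disk full</summary></event>"
WITH_ENTITY = (b'<!DOCTYPE event [<!ENTITY a "x"><!ENTITY b "&a;&a;">]>'
               b"<event>&b;</event>")
OVERSIZED = b"<event>" + b"x" * MAX_XML_BYTES + b"</event>"

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("entity", WITH_ENTITY), ("big", OVERSIZED)):
        print(label, "accepted" if is_acceptable(doc) else "rejected")
```

The guard only covers the size and entity-expansion parts of the recommendation; rate limiting belongs at the request-handling layer in front of it.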

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2014-6259

Affected Products

Zenoss Core