Zend Framework HTTP Response Splitting Vulnerability (CVE-2015-3154)
Release date:
Updated on:
Affected Systems:
Zend Framework <2.4.1
Zend Framework <2.3.8
Description:
CVE (CAN) ID: CVE-2015-3154
Zend Framework (ZF) is an open-source PHP5 development framework that can be used to develop web applications and services.
Zend Framework versions earlier than 2.3.8 and earlier than 2.4.1 do not properly filter some input. Attackers can exploit this vulnerability to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
<* Source: Filippo Tessarotto
Maks3w
Link: http://secunia.com/advisories/64460/
*>
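The flaw class described above, shown as an added example that is not Zend Framework code and not taken from the vendor patch: a header serializer that concatenates unchecked input next to one that validates the name and value first. The function names `renderHeaderUnsafe` and `renderHeaderSafe` and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not Zend Framework APIs.

/** Unsafe: concatenates name and value with no checks (the vulnerable pattern). */
function renderHeaderUnsafe(string $name, string $value): string
{
    return $name . ': ' . $value . "\r\n";
}

/** Safe: rejects any name or value that could break the header line framing. */
function renderHeaderSafe(string $name, string $value): string
{
    // Header names may contain only RFC 7230 "token" characters.
    if (!preg_match('/^[!#$%&\'*+\-.^_`|~0-9A-Za-z]+$/D', $name)) {
        throw new InvalidArgumentException('invalid header name');
    }
    // Values: printable ASCII, space, tab and high bytes; no CR, LF, NUL or other controls.
    // The D modifier stops "$" from matching before a trailing newline.
    if (!preg_match('/^[\x20-\x7E\x80-\xFF\t]*$/D', $value)) {
        throw new InvalidArgumentException('invalid header value');
    }
    return $name . ': ' . $value . "\r\n";
}

// Constructed sample inputs: one benign, one containing CR LF after URL decoding.
$samples = [
    'benign'   => '/account/home',
    'injected' => urldecode('/account/home%0d%0aX-Injected:%20constructed'),
];

foreach ($samples as $label => $target) {
    $unsafe = renderHeaderUnsafe('Location', $target);
    // Count the header lines a recipient would parse from what was meant to be one header.
    $lines = count(array_filter(explode("\r\n", $unsafe), 'strlen'));
    echo "$label: unsafe output parses as $lines header line(s)\n";

    try {
        renderHeaderSafe('Location', $target);
        echo "$label: accepted by validator\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected by validator ({$e->getMessage()})\n";
    }
}
```

Rejecting the value outright, rather than stripping the control characters, keeps a malformed request visible in error logs.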
Suggestion:
Vendor patch:
Zend
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://framework.zend.com/security/advisory/ZF2015-04