Zend Framework Two HTTP Response Splitting Vulnerabilities


Description   Two vulnerabilities have been reported in Zend Framework, which can be exploited by malicious people to conduct HTTP response splitting attacks.
1) Certain unspecified input is not properly sanitised in Zend/Mail before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
2) Certain unspecified input is not properly sanitised in Zend/Http before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
The vulnerabilities are reported in versions prior to 2.3.8 and prior to 2.4.1.
     
Vulnerable Products   Vulnerable Software:
Zend Framework 2.x
     
Solution   Update to version 2.3.8 or 2.4.1.
     
CVE   CVE-2015-3154
     
References   http://framework.zend.com/security/advisory/ZF2015-04
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
HTTP Request Smuggling : HTTP command found in header | 3.2.0
HTTP Response Splitting : suspicious Content-Length in URL | 3.2.0
HTTP Response Splitting : suspicious HTTP/1.x in URL | 3.2.0
HTTP Request Smuggling : Content-Length and Transfer-Encoding: chunked fields in header | 3.2.0
HTTP Response Splitting : suspicious Set-Cookie in URL | 3.2.0
HTTP Request Smuggling : suspicious syntax using HTTP keyword | 3.2.0
HTTP Request Smuggling : multiple Content-Length fields | 3.2.0
HTTP Response Splitting : suspicious Content-Type in URL | 3.5.0
     


 
 
 
 
Risk level   Low
Vulnerability First Public Report Date   2015-05-08
Target Type   Client
Possible exploit   Remote