Zend · Zend-Mail · CVE-2015-3154
Name of the Vulnerable Software and Affected Versions:
Zend Framework versions prior to 1.12.12
Zend Framework 2.x versions prior to 2.3.8
Zend Framework 2.4.x versions prior to 2.4.1
Description:
A CRLF injection vulnerability in ZendMail (Zend Mail) allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
Recommendations:
For versions prior to 1.12.12, update to version 1.12.12 or later.
For 2.x versions prior to 2.3.8, update to version 2.3.8 or later.
For 2.4.x versions prior to 2.4.1, update to version 2.4.1 or later.