PT-2024-40527 · Zend · Zend\Http\PhpEnvironment\RemoteAddress

Published: 2024-06-07 · Updated: 2024-06-07

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Zend\Http\PhpEnvironment\RemoteAddress, versions prior to 2.2.5
Description: The issue concerns how the class determines the internet protocol (IP) address of an incoming proxied request from the X-Forwarded-For header. The class did not properly check whether the IP address in PHP's $_SERVER['REMOTE_ADDR'] was in the list of trusted proxy server IPs. According to the IETF draft specification, if $_SERVER['REMOTE_ADDR'] is not a trusted proxy, it should be treated as the originating IP address and the X-Forwarded-For value should be disregarded; otherwise any client can forge its apparent address simply by sending the header itself.
Recommendations: For versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue.
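To illustrate the flaw described above, here is an added example (not Zend Framework's own code) that models client-IP resolution with the unchecked X-Forwarded-For handling beside a version that applies the trusted-proxy check; the function names and the $trustedProxies list are assumptions.

```php
<?php
// Added example (not Zend Framework's own code): a minimal model of
// client-IP resolution. Function names and $trustedProxies are assumptions.

// Flawed: honours X-Forwarded-For whenever present, without checking that
// REMOTE_ADDR is a trusted proxy, so a direct client can forge its own IP.
function resolveClientIpFlawed(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        $ips = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        return $ips[0];
    }
    return $server['REMOTE_ADDR'];
}

// Corrected: X-Forwarded-For is consulted only when REMOTE_ADDR is a trusted
// proxy. Otherwise REMOTE_ADDR is the originating address and the header is
// disregarded. Trusted hops listed in the header are skipped from the right,
// so the value used is the one appended by a proxy we trust.
function resolveClientIpFixed(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'];
    if (!in_array($remote, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    $ips = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($ips) - 1; $i >= 0; $i--) {
        if (!in_array($ips[$i], $trustedProxies, true)) {
            return $ips[$i];
        }
    }
    return $remote; // every listed hop was a trusted proxy
}

// Constructed sample requests.
$trusted  = ['10.0.0.1'];
$direct   = ['REMOTE_ADDR' => '203.0.113.9',
             'HTTP_X_FORWARDED_FOR' => '127.0.0.1'];        // header forged by the client
$viaProxy = ['REMOTE_ADDR' => '10.0.0.1',
             'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 10.0.0.1'];

// The flawed version reports the forged address for the direct request; the
// corrected version reports REMOTE_ADDR for it and the origin behind the proxy.
echo resolveClientIpFlawed($direct), "\n";
echo resolveClientIpFixed($direct, $trusted), "\n";
echo resolveClientIpFixed($viaProxy, $trusted), "\n";
```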

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

GHSA-XFFP-6W68-4775

Affected Products

Zend\Http\PhpEnvironment\RemoteAddress