
Zend Framework < 2.3.8 / 2.4.x < 2.4.1 HTTP Response Splitting



The remote host is using a version of Zend Framework that is vulnerable to HTTP response splitting attacks.


Versions of Zend Framework earlier than 2.3.8, or 2.4.x earlier than 2.4.1, are vulnerable to a flaw in the 'Zend\Mail' and 'Zend\Http' components: CRLF (Carriage Return and Line Feed) character sequences are not properly sanitized before being included in responses. This allows a context-dependent attacker to inject additional headers into responses and conduct HTTP response splitting attacks.


Upgrade Zend Framework to version 2.4.1 or later. If version 2.4.x is not available, version 2.3.8 is also patched for these vulnerabilities.
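
The class of flaw described above, shown as an added example that is not Zend Framework code: a header serializer that concatenates an untrusted value as-is, beside one that rejects CR, LF and other control characters before writing the header. All function names and the sample input are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: these helpers are hypothetical, not Zend Framework's API.

/** Flawed pattern: name and value are concatenated without any checks. */
function serializeHeaderNaive(string $name, string $value): string
{
    return $name . ': ' . $value . "\r\n";
}

/** Accept only an RFC 7230 "token" as a header name. */
function assertValidHeaderName(string $name): void
{
    if (preg_match('/^[!#$%&\'*+\-.^_`|~0-9A-Za-z]+$/D', $name) !== 1) {
        throw new InvalidArgumentException('invalid header name');
    }
}

/** Reject CR, LF, NUL and other control characters (horizontal tab is allowed). */
function assertValidHeaderValue(string $value): void
{
    if (preg_match('/[\x00-\x08\x0A-\x1F\x7F]/', $value) === 1) {
        throw new InvalidArgumentException('control character in header value');
    }
}

/** Hardened pattern: validate both parts, then serialize. */
function serializeHeaderStrict(string $name, string $value): string
{
    assertValidHeaderName($name);
    assertValidHeaderValue($value);
    return $name . ': ' . $value . "\r\n";
}

// Constructed input standing in for a redirect target read from a request.
$untrusted = "/home\r\nX-Injected: constructed";

// Naive path: one logical header turns into more than one line on the wire.
$lines = substr_count(serializeHeaderNaive('Location', $untrusted), "\r\n");
echo "naive serializer emitted {$lines} header lines\n";

// Strict path: the same value is refused before it reaches the response.
try {
    serializeHeaderStrict('Location', $untrusted);
} catch (InvalidArgumentException $e) {
    echo 'strict serializer rejected value: ' . $e->getMessage() . "\n";
}

echo serializeHeaderStrict('Location', '/home');
```

Rejecting the value, rather than stripping the CR/LF and continuing, keeps a malformed request from silently producing a different header than the caller intended.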