{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EC26DF5-0C36-47B9-A42C-563254068FE2", "versionEndExcluding": "1.12.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E14D72D-4775-4018-8BB5-1C1997FC3552", "versionEndExcluding": "2.3.8", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1035005-3678-4FFC-95CC-F1B2B35B4CDD", "versionEndExcluding": "2.4.1", "versionStartIncluding": "2.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de tipo CRLF en Zend\\Mail (Zend_Mail) en Zend Framework versiones anteriores a 1.12.12, versiones 2.x anteriores a 2.3.8 y versiones 2.4.x anteriores a 2.4.1, permite a atacantes remotos inyectar encabezados HTTP arbitrarios y realizar ataques de divisi\u00f3n de respuesta HTTP por medio de secuencias de tipo CRLF en el encabezado de un correo electr\u00f3nico."}], "id": "CVE-2015-3154", "lastModified": "2024-11-21T02:28:47.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, 
"source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T16:15:11.063", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Vendor Advisory"], "url": "http://framework.zend.com/security/advisory/ZF2015-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://framework.zend.com/security/advisory/ZF2015-04"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}