GHSA-mg7h-9qfx-4r83: ZendFramework Potential Proxy Injection Vulnerabilities

Zend\Session\Validator\RemoteAddr and Zend\View\Helper\ServerUrl were found to parse the HTTP headers that carry proxy information (such as X-Forwarded-For and X-Forwarded-Host) without checking that the request actually arrived through a proxy. Because any client can send those headers itself, an attacker could spoof the proxied client IP address or host name.

In Zend\Session\Validator\RemoteAddr, which rejects a session when the requesting IP address no longer matches the one recorded when the session was started, the client address was derived incorrectly from the proxy headers when the client sat behind a proxy, and could lead to invalid results when the address is re-checked on subsequent requests.

In Zend\View\Helper\ServerUrl, if the server lives behind a proxy, the helper always generated a URL based on the proxy-supplied host, whether or not this was desired; additionally, it ignored the proxy-supplied port and protocol when those were provided.

Upgrade to 2.0.5, where honouring proxy headers is off unless explicitly enabled. When you do enable it, also configure the addresses of the proxies you operate (RemoteAddr::setTrustedProxies()), since a forwarded header is only meaningful when it was set by a proxy you control rather than by the client.
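The following PHP is an added illustration, not Zend Framework's code or its 2.0.5 patch: it places the header-trusting pattern the advisory describes (the naive* functions) beside a hardened version (the trusted* functions) that only honours forwarded headers when the TCP peer is a proxy you operate, walks X-Forwarded-For from the right to find the real client, and carries X-Forwarded-Proto and X-Forwarded-Port into the generated URL. The trusted proxy address, the header names and the sample request are assumptions.

```php
<?php
// Added illustration, not Zend Framework code: the header-trusting pattern the
// advisory describes (naive*) beside a hardened version (trusted*). The trusted
// proxy address, header names and sample request below are assumptions.
declare(strict_types=1);

/** Constructed request: a direct client that sends spoofed proxy headers. */
function sampleServer(): array
{
    return [
        'REMOTE_ADDR'            => '203.0.113.7',   // the TCP peer: no proxy involved
        'HTTP_HOST'              => 'app.internal',
        'SERVER_PORT'            => '80',
        'HTTP_X_FORWARDED_FOR'   => '10.0.0.5',      // spoofed: aims at an IP allow-list
        'HTTP_X_FORWARDED_HOST'  => 'evil.example',  // spoofed: poisons generated URLs
        'HTTP_X_FORWARDED_PROTO' => 'https',
        'HTTP_X_FORWARDED_PORT'  => '8443',
    ];
}

/** Vulnerable pattern: X-Forwarded-For is believed regardless of who sent it. */
function naiveClientIp(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'];
}

/** Vulnerable pattern: forwarded host always wins, forwarded proto/port are ignored. */
function naiveServerUrl(array $server): string
{
    $host = $server['HTTP_X_FORWARDED_HOST'] ?? $server['HTTP_HOST'];
    return 'http://' . $host;
}

/** Hardened: forwarded headers count only when REMOTE_ADDR is a proxy we operate. */
function trustedClientIp(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'];
    if (!in_array($remote, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    // X-Forwarded-For is "client, proxy1, proxy2, ...": walk from the right and
    // discard every trusted proxy; the first address we cannot vouch for is the client.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    while ($hops && in_array(end($hops), $trustedProxies, true)) {
        array_pop($hops);
    }
    $candidate = $hops ? end($hops) : $remote;
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $remote;
}

/** Hardened: proxy handling is opt-in, gated on a trusted peer, and covers proto and port. */
function trustedServerUrl(array $server, array $trustedProxies, bool $useProxy): string
{
    $scheme = (($server['HTTPS'] ?? 'off') !== 'off') ? 'https' : 'http';
    $host   = $server['HTTP_HOST'];
    $port   = (int) ($server['SERVER_PORT'] ?? 80);

    if ($useProxy && in_array($server['REMOTE_ADDR'], $trustedProxies, true)) {
        if (!empty($server['HTTP_X_FORWARDED_HOST'])) {
            $host = trim(explode(',', $server['HTTP_X_FORWARDED_HOST'])[0]);
        }
        if (!empty($server['HTTP_X_FORWARDED_PROTO'])) {
            $scheme = strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https' ? 'https' : 'http';
        }
        if (!empty($server['HTTP_X_FORWARDED_PORT'])) {
            $port = (int) $server['HTTP_X_FORWARDED_PORT'];
        }
    }
    // Split a "host:port" value (IPv6 literals are not handled here, by assumption).
    if (preg_match('/^([^:]+):(\d+)$/', $host, $m)) {
        $host = $m[1];
        $port = (int) $m[2];
    }
    // Whatever the source, the host must look like a hostname before it goes into a URL.
    if (!preg_match('/^[A-Za-z0-9.-]+$/', $host)) {
        throw new RuntimeException("refusing to build a URL from host '$host'");
    }
    $default = $scheme === 'https' ? 443 : 80;
    return $scheme . '://' . $host . ($port === $default ? '' : ':' . $port);
}

$trusted = ['192.0.2.10'];  // assumption: the single reverse proxy in front of the app

// 1. Attacker talks to the app directly and forges every forwarded header.
$server = sampleServer();
printf("direct, naive   : ip=%s url=%s\n", naiveClientIp($server), naiveServerUrl($server));
printf("direct, trusted : ip=%s url=%s\n",
    trustedClientIp($server, $trusted), trustedServerUrl($server, $trusted, true));

// 2. Same forged X-Forwarded-For, but the request really came through the proxy,
//    which appended the client's address and set the public host, proto and port.
$server['REMOTE_ADDR']           = '192.0.2.10';
$server['HTTP_X_FORWARDED_FOR']  = '10.0.0.5, 198.51.100.4';
$server['HTTP_X_FORWARDED_HOST'] = 'www.example.com';
$server['HTTP_X_FORWARDED_PORT'] = '443';
printf("via proxy       : ip=%s url=%s\n",
    trustedClientIp($server, $trusted), trustedServerUrl($server, $trusted, true));
```

Run it with `php` and compare the two "direct" lines: the naive functions report the forged 10.0.0.5 and build a URL on evil.example, while the hardened ones fall back to the real peer address and the server's own host because 203.0.113.7 is not a trusted proxy. In the "via proxy" case the walk from the right skips nothing (198.51.100.4 is not in the trusted list) and so ignores the 10.0.0.5 the client prepended, which is the behaviour a session validator needs if the recorded address is to stay stable across requests.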


Package

zendframework/zendframework (Composer)

Affected versions

>= 2.0.0, < 2.0.5

Patched versions

2.0.5

References

  • zendframework/zendframework@1040aca
  • zendframework/zendframework@ad8fdc3
  • zendframework/zendframework@ada1fab
  • zendframework/zendframework@b914ecd
  • zendframework/zendframework@c3819ab
  • zendframework/zendframework@cfaf5ea
  • https://framework.zend.com/security/advisory/ZF2012-04
  • https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2012-04.yaml

Published to the GitHub Advisory Database

Jun 7, 2024

Reviewed

Jun 7, 2024

Last updated

Jun 7, 2024
