CVE-2015-3154
published 2020-01-27

Priority: P4 · 28 · medium · 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.01% (58.7th percentile)

CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zend | zend_framework | < 1.12.12 | 1.12.12 |
| zend | zend_framework | >= 2.3.0 < 2.3.8 | 2.3.8 |
| zend | zend_framework | >= 2.4.0 < 2.4.1 | 2.4.1 |
| zend_technologies | zend_framework | | |
| zend_technologies | zend_framework | | |
| zend_technologies | zend_framework | | |
| zendframework | zend-http | >= 0 < 1.12.12 | 1.12.12 |
| zendframework | zend-http | >= 2.0.0beta4 < 2.3.8 | 2.3.8 |
| zendframework | zend-http | >= 2.4.0rc1 < 2.4.1 | 2.4.1 |
| zendframework | zendframework | >= 2.0.0beta4 < 2.3.8 | 2.3.8 |
| zendframework | zendframework | >= 2.4.0rc1 < 2.4.1 | 2.4.1 |
| zendframework | zendframework1 | >= 0 < 1.12.12 | 1.12.12 |

CVSS provenance

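| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.1 | MEDIUM | |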