Home > Vulnerability Database > WS-2018-0158

Mend.io Vulnerability Database

WS-2018-0158

Good to know:

Date: August 1, 2018

URL Rewrite vulnerability in zendframework which is exist in projects zend-diactoros before version 1.8.4, in zend-http before version 2.8.1 and in zend-feed before version 2.10.3. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism.

Language: PHP

Severity Score

6.5

Related Resources (7)

Url: https://framework.zend.com/security/advisory/ZF2018-01

Url: https://github.com/zendframework/zend-feed/commit/6641f4cf3f4586c63f83fd70b6d19966025c8888

Url: https://github.com/FriendsOfPHP/security-advisories/commit/2506c2b2408132f8e77c6140cb562bebdb92644f

Url: https://github.com/zendframework/zend-http/commit/44197164a270259116162a442f639085ea24094a

Url: https://github.com/zendframework/zend-diactoros/commit/736ffa7c2bfa4a60e8a10acb316fa2ac456c5fba

Url: https://www.mend.io/resources/blog/top-5-new-open-source-security-vulnerabilities-in-august-2018

Url: https://www.mend.io/vulnerability-database/WS-2018-0158

Severity Score

6.5

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version 1.8.4,2.8.1,2.10.3.

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2018-0158

Good to know:

Date: August 1, 2018

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?