Lucene search

K
mageiaGentoo FoundationMGASA-2015-0241
HistoryJun 09, 2015 - 12:17 a.m.

Updated php-ZendFramework packages fix security vulnerabilities

2015-06-0900:17:51
Gentoo Foundation
advisories.mageia.org
18

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

57.4%

Updated php-ZendFramework packages fix security vulnerability: Filippo Tessarotto and Maks3w reported potential CRLF injection attacks in mail and HTTP headers in ZendFramework before 1.2.12 (CVE-2015-3154).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchphp-zendframework< 1.12.13-1php-ZendFramework-1.12.13-1.mga4

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

57.4%