• <cite id="jdh17"></cite>
    <ins id="jdh17"></ins>
    <var id="jdh17"></var>
    <ins id="jdh17"><span id="jdh17"><var id="jdh17"></var></span></ins>
    <var id="jdh17"></var>
    <cite id="jdh17"><span id="jdh17"></span></cite>
    <var id="jdh17"></var>
    <thead id="jdh17"><strike id="jdh17"><listing id="jdh17"></listing></strike></thead>
    <cite id="jdh17"><video id="jdh17"><menuitem id="jdh17"></menuitem></video></cite>

    Security

    Security Advisory: ZF2018-01

    ZF2018-01: URL Rewrite vulnerability

    zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism.

    When these headers are present on systems not running the specific URL rewriting mechanism, the logic would still trigger, allowing a malicious client or proxy to emulate the headers to request arbitrary content.

    Action Taken

    In each of the affected components, we have removed support for the specific request headers. Users can provide support within their applications to re-instate the logic if they are using the specific URL rewrite mechanism; users are encouraged to filter these headers in their web server prior to any rewrites to ensure their validity.

    The patch resolving the vulnerability is available in:

    • zend-diactoros, 1.8.4
    • zend-http, 2.8.1
    • zend-feed, 2.10.3

    Zend Framework MVC, Apigility, and Expressive users will receive relevant updated components via composer update.

    We highly recommend all users of affected projects update immediately.

    Acknowledgments

    The Zend Framework team thanks the following for identifying the issues and working with us to help protect its users:

    Released 2018-08-01

    Back to advisories

    Have you identified a security vulnerability?

    Please report it to us at [email protected]

    Copyright

    © 2006-2019 by Zend, a Rogue Wave Company. Made with by awesome contributors.

    This website is built using zend-expressive and it runs on PHP 7.

    Contacts

    六合特码资料
  • <cite id="jdh17"></cite>
    <ins id="jdh17"></ins>
    <var id="jdh17"></var>
    <ins id="jdh17"><span id="jdh17"><var id="jdh17"></var></span></ins>
    <var id="jdh17"></var>
    <cite id="jdh17"><span id="jdh17"></span></cite>
    <var id="jdh17"></var>
    <thead id="jdh17"><strike id="jdh17"><listing id="jdh17"></listing></strike></thead>
    <cite id="jdh17"><video id="jdh17"><menuitem id="jdh17"></menuitem></video></cite>
  • <cite id="jdh17"></cite>
    <ins id="jdh17"></ins>
    <var id="jdh17"></var>
    <ins id="jdh17"><span id="jdh17"><var id="jdh17"></var></span></ins>
    <var id="jdh17"></var>
    <cite id="jdh17"><span id="jdh17"></span></cite>
    <var id="jdh17"></var>
    <thead id="jdh17"><strike id="jdh17"><listing id="jdh17"></listing></strike></thead>
    <cite id="jdh17"><video id="jdh17"><menuitem id="jdh17"></menuitem></video></cite>
    p62黑龙江开奖号 福彩3d相关推荐 华东五市东方6加1开奖结果 电玩注册微信客服送分 体彩飞鱼快人一步 西安按摩会所那里有00后 分分彩网上代理返点 广州按摩女孩 江西时时软件手机版 重庆时时五星3码必中