WS-2018-0158 | Mend Vulnerability Database

Vulnerability DatabaseWS-2018-0158

WS-2018-0158

Published:May 14, 2026

Updated:May 14, 2026

URL Rewrite vulnerability in zendframework which is exist in projects zend-diactoros before version 1.8.4, in zend-http before version 2.8.1 and in zend-feed before version 2.10.3. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism.

Affected Packages

vufind/vufind (PHP):

Affected version(s) >=v2.0RC1 <dev-autocomplete-v2-1-10

Fix Suggestion:

Update to version dev-autocomplete-v2-1-10

xtreed/zend-diactoros (PHP):

Affected version(s) >=1.8.1 <1.8.4

Fix Suggestion:

Update to version 1.8.4

reliv/rcm-dynamic-navigation (PHP):

Affected version(s) >=0.1.0 <0.1.2

Fix Suggestion:

Update to version 0.1.2

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-fix-76cf46bd82f4347fa5bd130cdd788057 <=dev-snyk-upgrade-b8f4dac44087b061e2e7d08aa4d95731

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-db5589e32a61db42524a88ad04a6eaba <6.0.1+230411

Fix Suggestion:

Update to version 6.0.1+230411

drupal/drupal (PHP):

Affected version(s) >=8.0.0-rc3 <8.0.0

Fix Suggestion:

Update to version 8.0.0

vufind/vufind (PHP):

Affected version(s) =v1.27.0 <v1.28.0

Fix Suggestion:

Update to version v1.28.0

sos-solution/other-framework (PHP):

Affected version(s) >=dev-master <=1.0.0

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) >=v1.21.0 <v1.23.0

Fix Suggestion:

Update to version v1.23.0

controleonline/speed-up-essentials (PHP):

Affected version(s) =dev-master <v1.0.0

Fix Suggestion:

Update to version v1.0.0

zendframework/zend-feed (PHP):

Affected version(s) >=2.0.5 <2.0.7

Fix Suggestion:

Update to version 2.0.7

zendframework/zend-feed (PHP):

Affected version(s) >=2.1.6 <2.2.0rc3

Fix Suggestion:

Update to version 2.2.0rc3

lochmueller/autoloader (PHP):

Affected version(s) >=2.1.1 <dev-analysis-3wWO14

Fix Suggestion:

Update to version dev-analysis-3wWO14

limesurvey/limesurvey (PHP):

Affected version(s) =dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd <dev-survey-defaultsettings

Fix Suggestion:

Update to version dev-survey-defaultsettings

gotcms/gotcms (PHP):

Affected version(s) >=0.1.0b <=1.6.2

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) >=3.20.0+191112 <3.23.5+200923

Fix Suggestion:

Update to version 3.23.5+200923

drupal/core (PHP):

Affected version(s) >=8.0.0-beta6 <8.0.0-rc1

Fix Suggestion:

Update to version 8.0.0-rc1

zendframework/zend-http (PHP):

Affected version(s) >=2.1.6 <2.2.0rc3

Fix Suggestion:

Update to version 2.2.0rc3

vufind/vufind (PHP):

Affected version(s) >=dev-release-2.2 <dev-release-3.0

Fix Suggestion:

Update to version dev-release-3.0

limesurvey/limesurvey (PHP):

Affected version(s) >=3.23.6+200929 <3.27.28+211208

Fix Suggestion:

Update to version 3.27.28+211208

xtreed/zend-diactoros (PHP):

Affected version(s) =1.8.0 <dev-release-1.8

Fix Suggestion:

Update to version dev-release-1.8

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-bc996b6b018fc6ea7d4263390981c31a <dev-tests-clieck-views1

Fix Suggestion:

Update to version dev-tests-clieck-views1

drupal/core-file-cache (PHP):

Affected version(s) >=8.0.0-beta6 <8.1.0

Fix Suggestion:

Update to version 8.1.0

rcm/dynamic-navigation (PHP):

Affected version(s) >=0.1.0 <0.1.2

Fix Suggestion:

Update to version 0.1.2

zendframework/zend-feed (PHP):

Affected version(s) >=2.2.10 <2.3.4

Fix Suggestion:

Update to version 2.3.4

pi/pi (PHP):

Affected version(s) >=dev-master <v2.8.0

Fix Suggestion:

Update to version v2.8.0

obimet/tool_console (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

drupal/core (PHP):

Affected version(s) >=8.0.0-beta10 <8.0.0-beta16

Fix Suggestion:

Update to version 8.0.0-beta16

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0+200116 <4.4.0+210129

Fix Suggestion:

Update to version 4.4.0+210129

zendframework/zend-http (PHP):

Affected version(s) >=2.1.3 <2.1.5

Fix Suggestion:

Update to version 2.1.5

zendframework/zend-http (PHP):

Affected version(s) >=2.2.10 <2.3.2

Fix Suggestion:

Update to version 2.3.2

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-fix-a9c10ba47e88a08c83b32a913752ea82 <dev-snyk-upgrade-8e8193a6a781d5929de6292963cd2a21

Fix Suggestion:

Update to version dev-snyk-upgrade-8e8193a6a781d5929de6292963cd2a21

zzh-php/lib (PHP):

Affected version(s) >=dev-local <=1.1.0.x-dev

Fix Suggestion:

Update to version no_fix

zendframework/zend-feed (PHP):

Affected version(s) >=2.1.3 <2.1.5

Fix Suggestion:

Update to version 2.1.5

boboldehampsink/pushnotifications (PHP):

Affected version(s) >=dev-feature/wns <0.0.3

Fix Suggestion:

Update to version 0.0.3

zendframework/zend-feed (PHP):

Affected version(s) >=2.2.4 <2.2.6

Fix Suggestion:

Update to version 2.2.6

vufind/vufind (PHP):

Affected version(s) >=RD1.01 <v1.20.0

Fix Suggestion:

Update to version v1.20.0

limesurvey/limesurvey (PHP):

Affected version(s) =3.27.34+220132 <3.27.35+220208

Fix Suggestion:

Update to version 3.27.35+220208

limesurvey/limesurvey (PHP):

Affected version(s) >=3.28.15+220616 <3.28.18+220706

Fix Suggestion:

Update to version 3.28.18+220706

limesurvey/limesurvey (PHP):

Affected version(s) >=3.28.20+220719 <dev-fixv3-16987

Fix Suggestion:

Update to version dev-fixv3-16987

zendframework/zend-feed (PHP):

Affected version(s) >=2.3.9 <2.4.0rc3

Fix Suggestion:

Update to version 2.4.0rc3

fatfish/importer (PHP):

Affected version(s) >=dev-master <v1.0

Fix Suggestion:

Update to version v1.0

drupal/drupal (PHP):

Affected version(s) =8.0.0-beta16 <8.0.0-beta2

Fix Suggestion:

Update to version 8.0.0-beta2

drupal/core-dependency-injection (PHP):

Affected version(s) >=8.0.0-beta10 <8.0.0-beta15

Fix Suggestion:

Update to version 8.0.0-beta15

drupal/drupal (PHP):

Affected version(s) =8.0.0-rc1 <8.0.0-rc2

Fix Suggestion:

Update to version 8.0.0-rc2

zendframework/zend-feed (PHP):

Affected version(s) >=2.0.0 <2.0.4

Fix Suggestion:

Update to version 2.0.4

redactivemedia/redactive-drupal8-platform (PHP):

Affected version(s) >=8.0.0-beta12 <8.8.0

Fix Suggestion:

Update to version 8.8.0

zendframework/zend-http (PHP):

Affected version(s) >=2.2.0 <2.2.3

Fix Suggestion:

Update to version 2.2.3

thxyh99/zendframework (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

controleonline/speed-up-essentials (PHP):

Affected version(s) >=v1.10.16 <=v1.13.1

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4 <dev-survey-booleans3

Fix Suggestion:

Update to version dev-survey-booleans3

limesurvey/limesurvey (PHP):

Affected version(s) >=3.27.29+211214 <3.27.33+220125

Fix Suggestion:

Update to version 3.27.33+220125

serkancelik17/hotel_content_api_sdk (PHP):

Affected version(s) >=dev-master <=v1.0.0

Fix Suggestion:

Update to version no_fix

openwebapp/openwebapp (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

zendframework/zend-http (PHP):

Affected version(s) >=2.2.4 <2.2.6

Fix Suggestion:

Update to version 2.2.6

zendframework/zend-feed (PHP):

Affected version(s) =2.4.0 <2.4.1

Fix Suggestion:

Update to version 2.4.1

limesurvey/limesurvey (PHP):

Affected version(s) =dev-snyk-upgrade-53b356322f333277c170a2cf3a032ba7 <dev-inspect34

Fix Suggestion:

Update to version dev-inspect34

drupal/drupal (PHP):

Affected version(s) =8.0.x-dev <8.0.1

Fix Suggestion:

Update to version 8.0.1

drupal/drupal (PHP):

Affected version(s) >=8.0.3 <8.1.0-beta2

Fix Suggestion:

Update to version 8.1.0-beta2

limesurvey/limesurvey (PHP):

Affected version(s) >=3.28.1+220229 <3.28.14+220608

Fix Suggestion:

Update to version 3.28.14+220608

zendframework/zend-diactoros (PHP):

Affected version(s) =1.8.0 <dev-release-1.8

Fix Suggestion:

Update to version dev-release-1.8

tanzhenxing/educms (PHP):

Affected version(s) =1.05 <1.06

Fix Suggestion:

Update to version 1.06

zendframework/zend-http (PHP):

Affected version(s) >=2.0.8 <2.1.2

Fix Suggestion:

Update to version 2.1.2

vivaweb/zendframework (PHP):

Affected version(s) >=release-2.0.0rc2 <2.5.0

Fix Suggestion:

Update to version 2.5.0

gotcms/gotcms (PHP):

Affected version(s) >=dev-master <0.1.0a

Fix Suggestion:

Update to version 0.1.0a

zendframework/zend-http (PHP):

Affected version(s) >=2.4.0 <2.4.2

Fix Suggestion:

Update to version 2.4.2

zendframework/zend-http (PHP):

Affected version(s) >=2.0.0 <2.0.7

Fix Suggestion:

Update to version 2.0.7

withadresden/superdrupal (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-16939-merge-mistake <dev-fix-16987

Fix Suggestion:

Update to version dev-fix-16987

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-spss-token-length <dev-fix-tests

Fix Suggestion:

Update to version dev-fix-tests

pi/pi (PHP):

Affected version(s) =dev-bs4

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) =2.2.5 <2.65.2+170606

Fix Suggestion:

Update to version 2.65.2+170606

zendframework/zend-feed (PHP):

Affected version(s) >=2.4.13 <2.10.3

Fix Suggestion:

Update to version 2.10.3

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0-RC10+191202 <4.0.0-RC2+190723

Fix Suggestion:

Update to version 4.0.0-RC2+190723

zendframework/zend-feed (PHP):

Affected version(s) >=2.0.8 <2.1.2

Fix Suggestion:

Update to version 2.1.2

zendframework/zendframework (PHP):

Affected version(s) >=release-2.0.0rc2 <2.5.0

Fix Suggestion:

Update to version 2.5.0

limesurvey/limesurvey (PHP):

Affected version(s) =dev-update-testing-dependencies <dev-viewanswers

Fix Suggestion:

Update to version dev-viewanswers

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76 <dev-redo-13161

Fix Suggestion:

Update to version dev-redo-13161

zendframework/zend-http (PHP):

Affected version(s) =2.4.0rc5 <2.4.0rc6

Fix Suggestion:

Update to version 2.4.0rc6

torrentpier/torrentpier (PHP):

Affected version(s) >=v2.1.4 <v2.2.0

Fix Suggestion:

Update to version v2.2.0

cristiroma/drupal-boilerplate-8 (PHP):

Affected version(s) =0.1

Fix Suggestion:

Update to version no_fix

zendframework/zend-diactoros (PHP):

Affected version(s) >=1.8.1 <1.8.4

Fix Suggestion:

Update to version 1.8.4

zendframework/zend-http (PHP):

Affected version(s) >=2.4.13 <2.8.1

Fix Suggestion:

Update to version 2.8.1

muse/zend-diactoros (PHP):

Affected version(s) >=1.8.1 <1.8.4

Fix Suggestion:

Update to version 1.8.4

webflo/drupal (PHP):

Affected version(s) =8.0.x-dev

Fix Suggestion:

Update to version no_fix

zendframework/zend-feed (PHP):

Affected version(s) =dev-legacy <dev-master

Fix Suggestion:

Update to version dev-master

zendframework/zend-http (PHP):

Affected version(s) >=2.3.7 <2.4.0rc3

Fix Suggestion:

Update to version 2.4.0rc3

vijaycs85/coverage-report (PHP):

Affected version(s) >=8.0-alpha10 <8.1.0-beta2

Fix Suggestion:

Update to version 8.1.0-beta2

zendframework/zend-feed (PHP):

Affected version(s) >=2.2.0 <2.2.3

Fix Suggestion:

Update to version 2.2.3

zendframework/zend-http (PHP):

Affected version(s) >=2.3.3 <2.3.5

Fix Suggestion:

Update to version 2.3.5

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-v3-add-import-converter <3.0.1+171228

Fix Suggestion:

Update to version 3.0.1+171228

zendframework/zend-http (PHP):

Affected version(s) =dev-legacy <dev-master

Fix Suggestion:

Update to version dev-master

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0-RC7+191111 <4.0.0-alpha+181212

Fix Suggestion:

Update to version 4.0.0-alpha+181212

muse/zend-diactoros (PHP):

Affected version(s) =1.8.0 <dev-release-1.8

Fix Suggestion:

Update to version dev-release-1.8

atnightandintransportation/cms (PHP):

Affected version(s) >=0.5.0 <0.6.1

Fix Suggestion:

Update to version 0.6.1

zendframework/zend-http (PHP):

Affected version(s) =2.4.7 <2.4.8

Fix Suggestion:

Update to version 2.4.8

boboldehampsink/pushnotifications (PHP):

Affected version(s) =0.3.2

Fix Suggestion:

Update to version no_fix

boboldehampsink/pushnotifications (PHP):

Affected version(s) =dev-develop <dev-feature/mpns

Fix Suggestion:

Update to version dev-feature/mpns

lochmueller/autoloader (PHP):

Affected version(s) =3.1.0 <3.2.0

Fix Suggestion:

Update to version 3.2.0

vufind/vufind (PHP):

Affected version(s) >=26-beta-1 <dev-VUFIND-1342

Fix Suggestion:

Update to version dev-VUFIND-1342

thxyh99/composer_advance (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

drupal/core-dependency-injection (PHP):

Affected version(s) >=8.0.0-beta6 <8.0.0-rc1

Fix Suggestion:

Update to version 8.0.0-rc1

Related Resources (5)

https://github.com/FriendsOfPHP/security-advisories/commit/2506c2b2408132f8e77c6140cb562bebdb92644f

https://github.com/zendframework/zend-feed/commit/6641f4cf3f4586c63f83fd70b6d19966025c8888

https://github.com/zendframework/zend-http/commit/44197164a270259116162a442f639085ea24094a

https://github.com/zendframework/zend-diactoros/commit/736ffa7c2bfa4a60e8a10acb316fa2ac456c5fba

https://framework.zend.com/security/advisory/ZF2018-01

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE