CVE-2015-1555

NONE EPSS 69.0%
Published Aug 7, 20178y ago · Modified Jun 17, 20262w ago
Find Similar
Published Aug 7, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.

Threat Intelligence

EPSS Exploit Probability
69.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 13

VendorProductVersionRange
zendzend_framework2.2.0any
zendzend_framework2.2.1any
zendzend_framework2.2.2any
zendzend_framework2.2.3any
zendzend_framework2.2.4any
zendzend_framework2.2.5any
zendzend_framework2.2.6any
zendzend_framework2.2.7any
zendzend_framework2.2.8any
zendzend_framework2.3.0any
zendzend_framework2.3.1any
zendzend_framework2.3.2any
zendzend_framework2.3.3any

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.