CVE-2015-1555
NONE EPSS 69.0%
Published Aug 7, 20178y ago · Modified Jun 17, 20262w ago
Published Aug 7, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
Threat Intelligence
EPSS Exploit Probability
69.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
Affected Products 13
| Vendor | Product | Version | Range |
|---|---|---|---|
| zend | zend_framework | 2.2.0 | any |
| zend | zend_framework | 2.2.1 | any |
| zend | zend_framework | 2.2.2 | any |
| zend | zend_framework | 2.2.3 | any |
| zend | zend_framework | 2.2.4 | any |
| zend | zend_framework | 2.2.5 | any |
| zend | zend_framework | 2.2.6 | any |
| zend | zend_framework | 2.2.7 | any |
| zend | zend_framework | 2.2.8 | any |
| zend | zend_framework | 2.3.0 | any |
| zend | zend_framework | 2.3.1 | any |
| zend | zend_framework | 2.3.2 | any |
| zend | zend_framework | 2.3.3 | any |
References 1
- framework.zend.com http://framework.zend.com/security/advisory/ZF2015-01
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.