CVE-2015-1555

Published: Aug 7, 2017Modified: May 13, 2026

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.

Affected (13)

Products: Zend: Zend Framework

Zend

1 product

Zend Framework

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Zend Zend Framework	Version 2.2.0
Zend Zend Framework	Version 2.2.1
Zend Zend Framework	Version 2.2.2
Zend Zend Framework	Version 2.2.3
Zend Zend Framework	Version 2.2.4
Zend Zend Framework	Version 2.2.5
Zend Zend Framework	Version 2.2.6
Zend Zend Framework	Version 2.2.7
Zend Zend Framework	Version 2.2.8
Zend Zend Framework	Version 2.3.0
Zend Zend Framework	Version 2.3.1
Zend Zend Framework	Version 2.3.2
Zend Zend Framework	Version 2.3.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://framework.zend.com/security/advisory/ZF2015-01

Source: secalert@redhat.com

Vendor Advisory

http://framework.zend.com/security/advisory/ZF2015-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.