CVE-2015-7503

Published: Oct 10, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.

Affected (11)

Products: Zend: Zend Framework

Zend

1 product

Zend Framework

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Zend Zend Framework	Version 2.4.0
Zend Zend Framework	Version 2.4.1
Zend Zend Framework	Version 2.4.2
Zend Zend Framework	Version 2.4.3
Zend Zend Framework	Version 2.4.4
Zend Zend Framework	Version 2.4.5
Zend Zend Framework	Version 2.4.6
Zend Zend Framework	Version 2.4.7
Zend Zend Framework	Version 2.4.8
Zend Zend Framework	Version 2.5.0
Zend Zend Framework	Version 2.5.1

Related CWEs

CWE-320

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1283137

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://framework.zend.com/security/advisory/ZF2015-10

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1283137

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://framework.zend.com/security/advisory/ZF2015-10

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.