Your submission was sent successfully! Close

CVE-2015-1555

Published: 7 August 2017

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.

Priority

Medium

CVSS 3 base score: 9.1

Status

Package Release Status
zend-framework
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (2.2.9)
xenial Not vulnerable
(code not present)
zesty Does not exist

zendframework
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(code not present)
precise Does not exist

trusty Does not exist

upstream
Released (2.2.9)
wily Does not exist

xenial Does not exist

zesty Ignored
(reached end-of-life)