CVE-2015-1786
Published: 8 June 2017
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
Priority
Medium
CVSS 3 base score: 8.8
Status
| Package | Release | Status |
|---|---|---|
|
zendframework Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.3.6)
|
|
| utopic |
Does not exist
|
Notes
| Author | Note |
|---|---|
| seth-arnold | this issue was introduced in 2.3. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1786
- http://framework.zend.com/security/advisory/ZF2015-03
- NVD
- Launchpad
- Debian