CVE-2015-1786
Published: 8 June 2017
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
zendframework (Launchpad, Ubuntu, Debian) | lucid | Ignored (reached end-of-life) |
zendframework | precise | Does not exist |
zendframework | trusty | Does not exist |
zendframework | upstream | Released (2.3.6) |
zendframework | utopic | Does not exist |
Notes
Author | Note |
---|---|
seth-arnold | this issue was introduced in 2.3. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1786
- http://framework.zend.com/security/advisory/ZF2015-03
- NVD
- Launchpad
- Debian