Critical severity9.1NVD Advisory· Published Aug 7, 2017· Updated May 13, 2026
CVE-2015-1555
CVE-2015-1555
Description
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
Affected products
13cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- framework.zend.com/security/advisory/ZF2015-01nvdVendor Advisory
News mentions
0No linked articles in our index yet.