Critical severity9.1NVD Advisory· Published Aug 7, 2017· Updated Jun 17, 2026
CVE-2015-1555
CVE-2015-1555
Description
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.3:*:*:*:*:*:*:*
- (no CPE)range: <2.2.9, <2.3.4
Patches
Vulnerability mechanics
References
1- framework.zend.com/security/advisory/ZF2015-01nvdVendor Advisory
News mentions
0No linked articles in our index yet.