VYPR
Critical severity9.1NVD Advisory· Published Aug 7, 2017· Updated Jun 17, 2026

CVE-2015-1555

CVE-2015-1555

Description

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14
  • Zend/Framework14 versions
    cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.3.3:*:*:*:*:*:*:*
    • (no CPE)range: <2.2.9, <2.3.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.