VYPR
High severity7.5NVD Advisory· Published Oct 10, 2017· Updated Jun 17, 2026

CVE-2015-7503

CVE-2015-7503

Description

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
zendframework/zendframeworkPackagist
>= 2.5.0, < 2.5.22.5.2
zendframework/zend-cryptPackagist
>= 2.0.0, < 2.4.92.4.9
zendframework/zend-cryptPackagist
>= 2.5.0, < 2.5.22.5.2
zendframework/zendframeworkPackagist
>= 2.0.0, < 2.4.92.4.9

Affected products

13
  • Zend/Framework11 versions
    cpe:2.3:a:zend:zend_framework:2.4.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:zend:zend_framework:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.5.1:*:*:*:*:*:*:*
  • ghsa-coords2 versions
    >= 2.0.0, < 2.4.9+ 1 more
    • (no CPE)range: >= 2.0.0, < 2.4.9
    • (no CPE)range: >= 2.5.0, < 2.5.2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.