CVE-2015-1555 - Vulnerability Details

Vendors	Products
Zend	Zend Framework

Link	Providers
http://framework.zend.com/security/advisory/ZF2015-01

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://framework.zend.com/security/advisory/ZF2015-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1555", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://framework.zend.com/security/advisory/ZF2015-01", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2015-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:47:16.960Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://framework.zend.com/security/advisory/ZF2015-01"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1555", "datePublished": "2017-08-07T17:00:00", "dateReserved": "2015-02-07T00:00:00", "dateUpdated": "2024-08-06T04:47:16.960Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-01-14T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-07T16:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://framework.zend.com/security/advisory/ZF2015-01 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2015-1555 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://framework.zend.com/security/advisory/ZF2015-01 (string)

refsource : CONFIRM (string)

url : http://framework.zend.com/security/advisory/ZF2015-01 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T04:47:16.960Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://framework.zend.com/security/advisory/ZF2015-01 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2015-1555 (string)

datePublished : 2017-08-07T17:00:00 (string)

dateReserved : 2015-02-07T00:00:00 (string)

dateUpdated : 2024-08-06T04:47:16.960Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4D51607-3FA8-4E30-8B02-004F056583E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "90A9D6B0-D34B-423A-AB7D-D6B14F3F1FA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E258FDD6-AF80-4166-A3C0-BC41EAFD894C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B537EBA-396D-4C52-A65D-CD26E59EE44A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "80CD59F7-E5F7-4146-A422-79C652121D39", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F760DAF-39EE-400E-BEF4-B6816080538A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0CB89CEA-8DC2-4DD2-8A41-BD944261E1CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "C85F6A88-33E7-4C71-B52B-99D13CD23F3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "75E530D7-6033-4151-AEF6-F7A0E3CC86CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "58B32A65-119C-45EF-8122-EBFCA41A1696", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "32E9E662-1642-49D6-9908-9BD4DE479114", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0ACBA96F-C081-4B66-BC4B-C456FA688EA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend_framework:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "23C2DD7D-3CB8-4E69-9B4D-B0A4552A1177", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators."}, {"lang": "es", "value": "Zend/Session/SessionManager en Zend Framework 2.2.x en versiones anteriores a 2.2.9, 2.3.x en versiones anteriores a 2.3.4 permite que atacantes remotos creen sesiones v\u00e1lidas sin emplear validadores de sesi\u00f3n."}], "id": "CVE-2015-1555", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-07T17:29:00.347", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://framework.zend.com/security/advisory/ZF2015-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://framework.zend.com/security/advisory/ZF2015-01"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D4D51607-3FA8-4E30-8B02-004F056583E4 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 90A9D6B0-D34B-423A-AB7D-D6B14F3F1FA3 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : E258FDD6-AF80-4166-A3C0-BC41EAFD894C (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B537EBA-396D-4C52-A65D-CD26E59EE44A (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 80CD59F7-E5F7-4146-A422-79C652121D39 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 0F760DAF-39EE-400E-BEF4-B6816080538A (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 0CB89CEA-8DC2-4DD2-8A41-BD944261E1CA (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:* (string)

matchCriteriaId : C85F6A88-33E7-4C71-B52B-99D13CD23F3C (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.2.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 75E530D7-6033-4151-AEF6-F7A0E3CC86CA (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 58B32A65-119C-45EF-8122-EBFCA41A1696 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 32E9E662-1642-49D6-9908-9BD4DE479114 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 0ACBA96F-C081-4B66-BC4B-C456FA688EA2 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:zend:zend_framework:2.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 23C2DD7D-3CB8-4E69-9B4D-B0A4552A1177 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. (string)

}

1 : { »

lang : es (string)

value : Zend/Session/SessionManager en Zend Framework 2.2.x en versiones anteriores a 2.2.9, 2.3.x en versiones anteriores a 2.3.4 permite que atacantes remotos creen sesiones válidas sin emplear validadores de sesión. (string)

}

]

id : CVE-2015-1555 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 6.4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 9.1 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.2 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-08-07T17:29:00.347 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://framework.zend.com/security/advisory/ZF2015-01 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://framework.zend.com/security/advisory/ZF2015-01 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object