Candidate: CVE-2015-1555
PublicDate: 2017-08-07 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1555
 http://framework.zend.com/security/advisory/ZF2015-01
Description:
 Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x
 before 2.3.4 allows remote attackers to create valid sessions without using
 session validators.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N [9.1 CRITICAL]

Patches_zend-framework:
upstream_zend-framework: released (2.2.9)
precise/esm_zend-framework: DNE
trusty_zend-framework: not-affected (code not present)
trusty/esm_zend-framework: DNE (trusty was not-affected [code not present])
vivid/ubuntu-core_zend-framework: DNE
xenial_zend-framework: not-affected (code not present)
zesty_zend-framework: DNE
artful_zend-framework: DNE
bionic_zend-framework: DNE
devel_zend-framework: DNE

Patches_zendframework:
upstream_zendframework: released (2.2.9)
precise/esm_zendframework: DNE
trusty_zendframework: DNE
trusty/esm_zendframework: DNE
vivid/ubuntu-core_zendframework: DNE
wily_zendframework: DNE
xenial_zendframework: DNE
zesty_zendframework: ignored (reached end-of-life)
artful_zendframework: ignored (reached end-of-life)
bionic_zendframework: not-affected (code not present)
devel_zendframework: not-affected (code not present)