Candidate: CVE-2015-1786
PublicDate: 2017-06-08 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1786
 http://framework.zend.com/security/advisory/ZF2015-03
Description:
 Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in
 Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
Ubuntu-Description:
Notes:
 seth-arnold> this issue was introduced in 2.3.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_zendframework:
upstream_zendframework: released (2.3.6)
lucid_zendframework: ignored (reached end-of-life)
precise_zendframework: DNE
trusty_zendframework: DNE
trusty/esm_zendframework: DNE
utopic_zendframework: DNE
devel_zendframework: DNE