Описание
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| zendframework | not-affected | package |
Примечания
http://framework.zend.com/security/advisory/ZF2015-01
Связанные уязвимости
CVSS3: 9.1
ubuntu
больше 8 лет назад
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
CVSS3: 9.1
nvd
больше 8 лет назад
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
CVSS3: 9.1
github
больше 3 лет назад
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.