CVE-2015-7503
high
CVSS v3
7.5
CVSS v2
5.0
VIR risk
7.5
Description
Zend Framework Information Disclosure
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — https://framework.zend.com/security/advisory/ZF2015-10
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | zendframework/zendframework | >=2.5.0,<2.5.2 | 2.5.2 |
| Packagist | zendframework/zend-crypt | >=2.0.0,<2.4.9 | 2.4.9 |
| Packagist | zendframework/zend-crypt | >=2.5.0,<2.5.2 | 2.5.2 |
| Packagist | zendframework/zendframework | >=2.0.0,<2.4.9 | 2.4.9 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| zend | zend_framework | 2.4.0 | |
| zend | zend_framework | 2.4.1 | |
| zend | zend_framework | 2.4.2 | |
| zend | zend_framework | 2.4.3 | |
| zend | zend_framework | 2.4.4 | |
| zend | zend_framework | 2.4.5 | |
| zend | zend_framework | 2.4.6 | |
| zend | zend_framework | 2.4.7 | |
| zend | zend_framework | 2.4.8 | |
| zend | zend_framework | 2.5.0 | |
| zend | zend_framework | 2.5.1 | |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1283137
- https://framework.zend.com/security/advisory/ZF2015-10
- https://nvd.nist.gov/vuln/detail/CVE-2015-7503
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml
- https://github.com/zendframework/zendframework
CWEs
CWE-320
Verify integrity in audit chain (admin only). AS-IS.