CVE-2015-1786
moderate-risk
Published 2017-06-08
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
Do I need to act?
-
0.11% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (6)
Affected Vendors
References (4)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1207781
Release Notes
https://framework.zend.com/changelog/2.3.6
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1207781
Release Notes
https://framework.zend.com/changelog/2.3.6
43
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
0/34 · Minimal
Exposure
13/34 · Low