VDB
CVE-2015-7503
CVE-2015-7503
PUBLISHED
CVSS 5 MEDIUM
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.
EPSS 0.25% · 48.4th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.25%
48.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| zendframework | zend-crypt | 2.5.0, 2.0.0 |
| zend | zend_framework | 2.4.2, 2.4.3, 2.4.6 |
| n/a | n/a | n/a |
| zendframework | zendframework | 2.5.0, 2.0.0 |
Timeline
- Oct 10, 2017 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://framework.zend.com/security/advisory/ZF2015-10 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1283137 url
- https://nvd.nist.gov/vuln/detail/CVE-2015-7503 advisory
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml url
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml url
- https://github.com/zendframework/zendframework package