Vulnerability Details CVE-2012-2667
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/49312
- http://symfony.com/blog/security-release-symfony-1-4-18-released
- http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
- http://www.openwall.com/lists/oss-security/2012/06/04/1
- http://www.openwall.com/lists/oss-security/2012/06/05/2
- http://www.securityfocus.com/bid/53776
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76027
- http://secunia.com/advisories/49312
- http://symfony.com/blog/security-release-symfony-1-4-18-released
- http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
- http://www.openwall.com/lists/oss-security/2012/06/04/1
- http://www.openwall.com/lists/oss-security/2012/06/05/2
- http://www.securityfocus.com/bid/53776
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76027
Products affected by CVE-2012-2667
-
cpe:2.3:a:sensiolabs:symfony:1.4.0
-
cpe:2.3:a:sensiolabs:symfony:1.4.1
-
cpe:2.3:a:sensiolabs:symfony:1.4.10
-
cpe:2.3:a:sensiolabs:symfony:1.4.11
-
cpe:2.3:a:sensiolabs:symfony:1.4.12
-
cpe:2.3:a:sensiolabs:symfony:1.4.13
-
cpe:2.3:a:sensiolabs:symfony:1.4.14
-
cpe:2.3:a:sensiolabs:symfony:1.4.15
-
cpe:2.3:a:sensiolabs:symfony:1.4.16
-
cpe:2.3:a:sensiolabs:symfony:1.4.17
-
cpe:2.3:a:sensiolabs:symfony:1.4.2
-
cpe:2.3:a:sensiolabs:symfony:1.4.3
-
cpe:2.3:a:sensiolabs:symfony:1.4.4
-
cpe:2.3:a:sensiolabs:symfony:1.4.5
-
cpe:2.3:a:sensiolabs:symfony:1.4.6
-
cpe:2.3:a:sensiolabs:symfony:1.4.7
-
cpe:2.3:a:sensiolabs:symfony:1.4.8
-
cpe:2.3:a:sensiolabs:symfony:1.4.9