CVE-2012-2667Symfony vulnerability

6 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 33.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sensiolabs Symfony
Timeline
PublishedJun 7
Latest updateMay 17

Description

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDsensiolabs/symfony1.4.17+17

🔴Vulnerability Details

2
GHSA
GHSA-9j54-wmcm-g7mf: Session fixation vulnerability in lib/user/sfBasicSecurityUser2022-05-17
CVEList
CVE-2012-2667: Session fixation vulnerability in lib/user/sfBasicSecurityUser2012-06-07

💬Community

3
Bugzilla
CVE-2012-2667 php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version [fedora-all]2012-06-04
Bugzilla
CVE-2012-2667 php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version [epel-6]2012-06-04
Bugzilla
CVE-2012-2667 php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version2012-06-04
CVE-2012-2667 — Sensiolabs Symfony vulnerability | cvebase