CVE-2015-8124: Session Fixation in Security

CWE-384: Session Fixation | 9 documents | 6 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 0.3% (top 46.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 7
Latest update: May 14

Description

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (5 packages)

Packagist | symfony/symfony | 2.3.0 | 2.3.35 | +2
Packagist | symfony/security | 2.3.0 | 2.3.35 | +2
Packagist | symfony/security-http | 2.4.0 | 2.6.12 | +1
Debian | symfony/symfony | < 2.7.7+dfsg-1 | +3
NVD | sensiolabs/symfony | 54 versions | +53

🔴 Vulnerability Details (4)

OSV: Symfony Session Fixation Vulnerability (2022-05-14)
GHSA: Symfony Session Fixation Vulnerability (2022-05-14)
CVEList: CVE-2015-8124: Session fixation vulnerability in the "Remember Me" login feature in Symfony 2 (2015-12-07)
OSV: CVE-2015-8124: Session fixation vulnerability in the "Remember Me" login feature in Symfony 2 (2015-12-07)

📋 Vendor Advisories (1)

Debian: CVE-2015-8124: symfony - Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3... (2015)

💬 Community (3)

Bugzilla: CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities [fedora-all] (2015-11-25)
Bugzilla: CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities (2015-11-25)
Bugzilla: CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities [epel-all] (2015-11-25)
CVE-2015-8124 — Session Fixation in Symfony Security | cvebase