CVE-2018-11385 — Session Fixation in Symfony
Severity
8.1HIGHNVD
EPSS
0.9%
top 24.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 13
Latest updateMay 14
Description
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9
Affected Packages5 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 28
🔴Vulnerability Details
4📋Vendor Advisories
1Debian▶
CVE-2018-11385: symfony - An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48...↗2018
💬Community
6Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony4: php-symfony: Multiple flaws [fedora-all]↗2018-06-15
Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony-symfony: php-symfony: Multiple flaws [epel-6]↗2018-06-15
Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony3: php-symfony: Multiple flaws [fedora-all]↗2018-06-15
Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony: Multiple flaws↗2018-06-14
Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony: Multiple flaws [fedora-all]↗2018-06-14