CVE-2012-2667
N/A
N/A
Summary
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2012/06/04/1
- http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
- http://www.securityfocus.com/bid/53776
- http://symfony.com/blog/security-release-symfony-1-4-18-released
- http://www.openwall.com/lists/oss-security/2012/06/05/2
- http://secunia.com/advisories/49312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76027
References
- http://www.openwall.com/lists/oss-security/2012/06/04/1
- http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
- http://www.securityfocus.com/bid/53776
- http://symfony.com/blog/security-release-symfony-1-4-18-released
- http://www.openwall.com/lists/oss-security/2012/06/05/2
- http://secunia.com/advisories/49312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76027
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.