PT-2012-4168 · Sensiolabs · Symfony

Jan Lieskovsky · Published 2012-06-07 · Updated 2017-08-29 · CVE-2012-2667

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SensioLabs Symfony versions prior to 1.4.18

Description

The issue is a session fixation vulnerability. It allows remote attackers to hijack web sessions through vectors related to the regenerate method and certain database-backed session classes.

Recommendations

For versions prior to 1.4.18, update to version 1.4.18 or later to resolve the issue.

Fix


Related Identifiers

CVE-2012-2667

Affected Products

Symfony