QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2667

Published: Jun 7, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120604 CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version

mailing-list

x_refsource_MLIST

http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://symfony.com/blog/security-release-symfony-1-4-18-released

x_refsource_CONFIRM

[oss-security] 20120605 Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

symfony-session-hijacking(76027)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.