1. CVE-Search
  2. CVE-2012-2667
ID CVE-2012-2667
Summary Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
References
Vulnerable Configurations
  • cpe:2.3:a:sensiolabs:symfony:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.16:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:sensiolabs:symfony:1.4.17:*:*:*:*:*:*:*
    cpe:2.3:a:sensiolabs:symfony:1.4.17:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 53776
confirm
mlist
  • [oss-security] 20120604 CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version
  • [oss-security] 20120605 Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version
secunia 49312
xf symfony-session-hijacking(76027)
Last major update 29-08-2017 - 01:31
Published 07-06-2012 - 19:55
Last modified 29-08-2017 - 01:31
Back to Top