ID CVE-2016-4309
Summary Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. CWE-384: Session Fixation (http://cwe.mitre.org/data/definitions/384.html)
References
Vulnerable Configurations
  • cpe:2.3:a:getsymphony:symphony:2.6.7:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 27-08-2020 - 18:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
refmap via4
bid 91299
bugtraq 20160620 Symphony CMS v2.6.7 Session Fixation
confirm https://github.com/symphonycms/symphony-2/commit/b329a14adc40868965076a77210452e396243dcd
exploit-db 39983
misc
Last major update 27-08-2020 - 18:32
Published 30-06-2016 - 17:59
Last modified 27-08-2020 - 18:32