CVE-2012-2667
6.4 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.2%
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified “database backed session classes.”
References
secunia.com/advisories/49312
symfony.com/blog/security-release-symfony-1-4-18-released
trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
www.openwall.com/lists/oss-security/2012/06/04/1
www.openwall.com/lists/oss-security/2012/06/05/2
www.securityfocus.com/bid/53776
exchange.xforce.ibmcloud.com/vulnerabilities/76027
Related
6.4 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.2%