Lucene search

K

PRIOn knowledge basePRION:CVE-2015-8124

HistoryDec 07, 2015 - 8:59 p.m.

Session fixation

2015-12-0720:59:00

PRIOn knowledge base

www.prio-n.com

5

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

87.2%

Session fixation vulnerability in the “Remember Me” login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.

CPENameOperatorVersion
symfonyeq2.3.21
symfonyeq2.3.14
symfonyeq2.7.5
symfonyeq2.7.4
symfonyeq2.3.27
symfonyeq2.3.0
symfonyeq2.7.1
symfonyeq2.3.15
symfonyeq2.3.6
symfonyeq2.6.1

Rows per page:

1-10 of 541

References

seclists.org/fulldisclosure/2015/Dec/89

www.debian.org/security/2015/dsa-3402

www.securityfocus.com/archive/1/537183/100/0/threaded

www.securityfocus.com/bid/77694

lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html

lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html

symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

87.2%

Related for PRION:CVE-2015-8124

symfony1 friendsofphp3 github1 nvd1 cve1 osv2 debiancve1 cvelist1 veracode1 ubuntucve1 openvas4 nessus3 debian2 fedora4