CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.004 Low
Percentile: 72.2%

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in
SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web
sessions via vectors related to the regenerate method and unspecified
“database backed session classes.”
secunia.com/advisories/49312
symfony.com/blog/security-release-symfony-1-4-18-released
trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
trac.symfony-project.org/changeset/33466?format=diff&new=33466
www.openwall.com/lists/oss-security/2012/06/04/1
www.openwall.com/lists/oss-security/2012/06/05/2
xforce.iss.net/xforce/xfdb/76027
bugs.gentoo.org/show_bug.cgi?id=418427
launchpad.net/bugs/cve/CVE-2012-2667
nvd.nist.gov/vuln/detail/CVE-2012-2667
security-tracker.debian.org/tracker/CVE-2012-2667
www.cve.org/CVERecord?id=CVE-2012-2667