Lucene search
Veracode Vulnerability DatabaseVERACODE:4750HistoryJul 27, 2017 - 6:42 a.m.
Session Fixation
2017-07-2706:42:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.015 Low
EPSS
Percentile
87.2%
Symfony is vulnerable to session fixation attacks. An attacker can impersonate another user if the user’s previous session ID is known to the attacker and the remember me login feature was used.
| CPE | Name | Operator | Version |
|---|---|---|---|
| symfony/symfony | le | 2.7.6 | |
| symfony/symfony | le | 2.5.12 | |
| symfony/symfony | le | 2.6.11 | |
| symfony/symfony | le | 2.3.34 |
References
lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html
lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html
seclists.org/fulldisclosure/2015/Dec/89
www.debian.org/security/2015/dsa-3402
www.securityfocus.com/archive/1/537183/100/0/threaded
www.securityfocus.com/bid/77694
github.com/symfony/symfony/pull/16631
symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
Related
osv
osv
Symfony Session Fixation Vulnerability
2022-05-14 02:47:28
symfony - security update
2015-11-24 00:00:00
friendsofphp
friendsofphp
CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature
2015-11-23 11:45:06
CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature
2015-11-23 11:45:06
CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature
2015-11-23 11:45:06
ubuntucve
ubuntucve
CVE-2015-8124
2015-12-07 00:00:00
cve
cve
CVE-2015-8124
2015-12-07 20:59:14
prion
prion
Session fixation
2015-12-07 20:59:00
nvd
nvd
CVE-2015-8124
2015-12-07 20:59:14
symfony
symfony
CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature
2015-11-23 00:00:00
github
github
Symfony Session Fixation Vulnerability
2022-05-14 02:47:28
debiancve
debiancve
CVE-2015-8124
2015-12-07 20:59:14
cvelist
cvelist
CVE-2015-8124
2015-12-07 20:00:00
nessus
nessus
Debian DSA-3402-1 : symfony - security update
2015-11-25 00:00:00
debian
debian
[SECURITY] [DSA 3402-1] symfony security update
2015-11-24 18:22:12
[SECURITY] [DSA 3402-1] symfony security update
2015-11-24 18:22:12
openvas
openvas
Fedora Update for php-twig FEDORA-2015-0
2015-12-06 00:00:00
Fedora Update for php-symfony FEDORA-2015-0
2015-12-06 00:00:00
Debian Security Advisory DSA 3402-1 (symfony - security update)
2015-11-24 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: php-symfony-2.7.7-2.fc23
2015-12-06 01:27:18
[SECURITY] Fedora 22 Update: php-twig-1.23.1-2.fc22
2015-12-06 03:21:30
[SECURITY] Fedora 23 Update: php-twig-1.23.1-2.fc23
2015-12-06 01:27:18