CVE-2012-2667

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
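| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | NIST | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| redhat | CNA | --- | --- | | | |
| CVE | ADP | --- | --- | | | |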
EPSS Score Percentile: 65%
| Vendor | Product | Version |
| --- | --- | --- |
| sensiolabs | symfony | 𝑥 ≤ 1.4.17 |
| sensiolabs | symfony | 1.4.0 |
| sensiolabs | symfony | 1.4.0:rc1 |
| sensiolabs | symfony | 1.4.0:rc2 |
| sensiolabs | symfony | 1.4.1 |
| sensiolabs | symfony | 1.4.2 |
| sensiolabs | symfony | 1.4.3 |
| sensiolabs | symfony | 1.4.4 |
| sensiolabs | symfony | 1.4.5 |
| sensiolabs | symfony | 1.4.6 |
| sensiolabs | symfony | 1.4.7 |
| sensiolabs | symfony | 1.4.8 |
| sensiolabs | symfony | 1.4.9 |
| sensiolabs | symfony | 1.4.10 |
| sensiolabs | symfony | 1.4.11 |
| sensiolabs | symfony | 1.4.12 |
| sensiolabs | symfony | 1.4.13 |
| sensiolabs | symfony | 1.4.14 |
| sensiolabs | symfony | 1.4.15 |
| sensiolabs | symfony | 1.4.16 |

𝑥 = Vulnerable software versions
Ubuntu Releases

| Codename | Ubuntu Product: symfony |
| --- | --- |
| saucy | dne |
| raring | dne |
| quantal | dne |
| precise | dne |
| oneiric | dne |
| natty | dne |
| lucid | ignored |
| hardy | dne |