CVE-2012-2667

EUVD-2012-2650
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:N |

EPSS Score
Percentile: 66%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| sensiolabs | symfony | 𝑥 ≤ 1.4.17 |
| sensiolabs | symfony | 1.4.0 |
| sensiolabs | symfony | 1.4.0:rc1 |
| sensiolabs | symfony | 1.4.0:rc2 |
| sensiolabs | symfony | 1.4.1 |
| sensiolabs | symfony | 1.4.2 |
| sensiolabs | symfony | 1.4.3 |
| sensiolabs | symfony | 1.4.4 |
| sensiolabs | symfony | 1.4.5 |
| sensiolabs | symfony | 1.4.6 |
| sensiolabs | symfony | 1.4.7 |
| sensiolabs | symfony | 1.4.8 |
| sensiolabs | symfony | 1.4.9 |
| sensiolabs | symfony | 1.4.10 |
| sensiolabs | symfony | 1.4.11 |
| sensiolabs | symfony | 1.4.12 |
| sensiolabs | symfony | 1.4.13 |
| sensiolabs | symfony | 1.4.14 |
| sensiolabs | symfony | 1.4.15 |
| sensiolabs | symfony | 1.4.16 |

𝑥 = Vulnerable software versions

Ubuntu Releases

| Ubuntu Product | Codename | |
|---|---|---|
| symfony | hardy | dne |
| | lucid | ignored |
| | natty | dne |
| | oneiric | dne |
| | precise | dne |
| | quantal | dne |
| | raring | dne |
| | saucy | dne |