4.3

CVE-2012-2667

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SensiolabsSymfony Version <= 1.4.17
SensiolabsSymfony Version1.4.0
SensiolabsSymfony Version1.4.0 Updaterc1
SensiolabsSymfony Version1.4.0 Updaterc2
SensiolabsSymfony Version1.4.1
SensiolabsSymfony Version1.4.2
SensiolabsSymfony Version1.4.3
SensiolabsSymfony Version1.4.4
SensiolabsSymfony Version1.4.5
SensiolabsSymfony Version1.4.6
SensiolabsSymfony Version1.4.7
SensiolabsSymfony Version1.4.8
SensiolabsSymfony Version1.4.9
SensiolabsSymfony Version1.4.10
SensiolabsSymfony Version1.4.11
SensiolabsSymfony Version1.4.12
SensiolabsSymfony Version1.4.13
SensiolabsSymfony Version1.4.14
SensiolabsSymfony Version1.4.15
SensiolabsSymfony Version1.4.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.35% 0.678
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/49312
Vendor Advisory
http://symfony.com/blog/security-release-symfony-1-4-18-released
Vendor Advisory
http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
http://www.openwall.com/lists/oss-security/2012/06/04/1
http://www.openwall.com/lists/oss-security/2012/06/05/2
http://www.securityfocus.com/bid/53776
https://exchange.xforce.ibmcloud.com/vulnerabilities/76027