Vulnerability Details : CVE-2012-2667
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
Exploit prediction scoring system (EPSS) score for CVE-2012-2667
Probability of exploitation activity in the next 30 days: 0.37%
Percentile (the proportion of vulnerabilities scored at or below this one): ~69%
CVSS scores for CVE-2012-2667
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST
References for CVE-2012-2667
- http://www.securityfocus.com/bid/53776 (Symfony 'regenerate()' Method Session Fixation Vulnerability)
- http://symfony.com/blog/security-release-symfony-1-4-18-released (Security Release: symfony 1.4.18 released, Symfony Blog) [Vendor Advisory]
- http://www.openwall.com/lists/oss-security/2012/06/05/2 (oss-security: Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76027 (Symfony session hijacking CVE-2012-2667 Vulnerability Report)
- http://www.openwall.com/lists/oss-security/2012/06/04/1 (oss-security: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version)
- http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG (Symfony 1.4.18 CHANGELOG, Symfony project Trac)
Products affected by CVE-2012-2667
- cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.0:*:*:*:*:*:*:*