Vulnerability in Sensiolabs Symfony

CVE-2012-2667

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed sessi…

EPSS: 0.005 (67.1th percentile) — read the EPSS interpretation.

Affected products

Sensiolabs Symfony — versions 1.4.0, 1.4.1, 1.4.2
N/a — versions n/a

References

[oss-security] 20120604 CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
53776 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
[oss-security] 20120605 Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version (mailing-list, x_refsource_MLIST)
49312 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
symfony-session-hijacking(76027) (vdb-entry, x_refsource_XF)