Vulnerability in Sensiolabs Symfony
CVE-2015-8124
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.
EPSS: 0.003 (54.0th percentile) — read the EPSS interpretation.
Affected products
- Sensiolabs Symfony — versions 2.3.0, 2.3.1, 2.3.2
- N/a — versions n/a
References
- FEDORA-2015-0efcb5fbc5 (x_refsource_FEDORA, vendor-advisory)
- 20151222 [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality (mailing-list, x_refsource_BUGTRAQ)
- FEDORA-2015-0b89738311 (x_refsource_FEDORA, vendor-advisory)
- DSA-3402 (vendor-advisory, x_refsource_DEBIAN)
- 77694 (vdb-entry, x_refsource_BID)
- 20151222 [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality (mailing-list, x_refsource_FULLDISC)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)