CVE-2012-2667

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/06/2012
Last modified:
11/04/2025

Description

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* 1.4.17 (including)
cpe:2.3:a:sensiolabs:symfony:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:1.4.11:*:*:*:*:*:*:*