CVE-2012-2667

Published Jun 7, 2012

Last updated 7 years ago

CVSS info 4.3

Overview

Description: Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F2CC4DC-C123-4285-BFD2-3AA0ED61F575",
            "versionEndIncluding": "1.4.17"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4F1040D-AFBA-4A73-AC13-8504A0625AEF"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84094B27-A701-4978-91D7-587AF314B6AA"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79B1B57C-DE96-4ECB-AD92-F52667FC4E18"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78201955-7DCB-4FA2-B745-67DDE420BB2C"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4680367-B5EA-4593-8F72-0E4C1EAA30AA"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF0B4301-FF9E-4C02-8E0F-42C25831EC99"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A4C4F47-4DEB-45A0-BD05-245079D1A914"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3356E269-D119-4130-92A5-A8DBA0FAB738"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0F0D5B3-00CE-4A86-9063-14B150CB973A"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FBC37A5-5ABA-4A1B-9CF8-E10D74B603C8"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AC08043-3427-4F2F-BE15-9800AD5DE6B2"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E73B1AE-6AAE-4862-89D5-E58F3FEF474F"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82BF2472-CD81-4578-8FE4-52BEF395FD8D"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2143A607-79CE-4D2D-BE8E-3F3F164733B5"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1A59CD0-89BC-461C-B7D7-74CB94C2EF15"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3197A9BD-E102-4397-932F-BB3ED97937AF"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FEB7732-879C-4C82-82F4-89C4D37A53C2"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "729995D3-4D28-4ECF-9A2B-61EF87F8A766"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:1.4.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BCCFEAB-1CBE-4EF6-9DB0-D614D349A6E3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References