Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-2667

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2012060...
MLIST: [oss-security] 2012060...
CONFIRM: http://symfony.com/blo...
CONFIRM: http://trac.symfony-pr...
BID: 53776
SECUNIA: 49312
XF: symfony-session-hijack...

Launchpad.net

CVE 2012-2667

Related bugs

References