CVE-2012-2667

Published: Jun 7, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."

Affected (20)

Products: Sensiolabs: Symfony

Sensiolabs

1 product

Symfony

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Sensiolabs Symfony	Up to 1.4.17
Sensiolabs Symfony	Version 1.4.0
Sensiolabs Symfony	Version 1.4.0 rc1
Sensiolabs Symfony	Version 1.4.0 rc2
Sensiolabs Symfony	Version 1.4.10
Sensiolabs Symfony	Version 1.4.11
Sensiolabs Symfony	Version 1.4.12
Sensiolabs Symfony	Version 1.4.13
Sensiolabs Symfony	Version 1.4.14
Sensiolabs Symfony	Version 1.4.15
Sensiolabs Symfony	Version 1.4.16
Sensiolabs Symfony	Version 1.4.1
Sensiolabs Symfony	Version 1.4.2
Sensiolabs Symfony	Version 1.4.3
Sensiolabs Symfony	Version 1.4.4
Sensiolabs Symfony	Version 1.4.5
Sensiolabs Symfony	Version 1.4.6
Sensiolabs Symfony	Version 1.4.7
Sensiolabs Symfony	Version 1.4.8
Sensiolabs Symfony	Version 1.4.9