CVE-2015-8124

Sažetak

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html
http://seclists.org/fulldisclosure/2015/Dec/89
http://www.debian.org/security/2015/dsa-3402
http://www.securityfocus.com/archive/1/537183/100/0/threaded
http://www.securityfocus.com/bid/77694
https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2018 - 19:58

Objavljeno

07-12-2015 - 20:59