Unrated severityNVD Advisory· Published Jun 7, 2012· Updated Apr 29, 2026
CVE-2012-2667
CVE-2012-2667
Description
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
Affected products
20cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*range: <=1.4.17
- cpe:2.3:a:sensiolabs:symfony:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:1.4.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- secunia.com/advisories/49312nvdVendor Advisory
- symfony.com/blog/security-release-symfony-1-4-18-releasednvdVendor Advisory
- trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOGnvd
- www.openwall.com/lists/oss-security/2012/06/04/1nvd
- www.openwall.com/lists/oss-security/2012/06/05/2nvd
- www.securityfocus.com/bid/53776nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/76027nvd
News mentions
0No linked articles in our index yet.