Vulnerability Description
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sensiolabs | Symfony | 2.3.0 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.h
- http://seclists.org/fulldisclosure/2015/Dec/89
- http://www.debian.org/security/2015/dsa-3402
- http://www.securityfocus.com/archive/1/537183/100/0/threaded
- http://www.securityfocus.com/bid/77694
- https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login (Vendor Advisory)
FAQ
What is CVE-2015-8124?
CVE-2015-8124 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.
How severe is CVE-2015-8124?
CVE-2015-8124 has been rated MEDIUM with a CVSS base score of 6.8/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2015-8124?
Check the references section above for vendor advisories and patch information. Affected products include: Sensiolabs Symfony.