CVE-2015-8124
LOW 3.1 | EPSS 0.30% | symfony - security update
Published: 2022/5/14 | Modified: 2026/5/27
Description
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.
Affected packages (5)
- Debian/symfony from 0, < 2.7.7+dfsg-1
- Debian/symfony from 0, < 2.3.21+dfsg-4+deb8u2
- Packagist/symfony/security >= 2.3.0, < 2.3.35
- Packagist/symfony/security-http >= 2.4.0, < 2.6.12
- Packagist/symfony/symfony >= 2.3.0, < 2.3.35
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
References (14)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-8124
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2015-8124
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html
- WEB http://seclists.org/fulldisclosure/2015/Dec/89
- WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8124.yaml
- WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8124.yaml
- WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8124.yaml
- WEB https://github.com/symfony/symfony/pull/16631
- WEB https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
- WEB https://symfony.com/cve-2015-8124
- WEB https://web.archive.org/web/20201209020014/http://www.securityfocus.com/archive/1/537183/100/0/threaded
- WEB https://web.archive.org/web/20210125123853/http://www.securityfocus.com/bid/77694
- WEB http://www.debian.org/security/2015/dsa-3402