CVE-2015-8124
Published: 7 December 2015
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.
Priority
Status
Package | Release | Status |
---|---|---|
symfony Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(3.4.6+dfsg-1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.7.7+dfsg-1)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(2.7.10-0ubuntu2)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|