CVE-2015-8124 Information

Description

Session fixation vulnerability in the \Remember Me\ login feature in Symfony 2.3.x before 2.3.35 2.6.x before 2.6.12 and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html http://seclists.org/fulldisclosure/2015/Dec/89 http://www.debian.org/security/2015/dsa-3402 http://www.securityfocus.com/archive/1/537183/100/0/threaded http://www.securityfocus.com/bid/77694 https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature