CVE-2018-11385
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
Se ha descubierto un problema en el componente Security en Symfony en versiones 2.7.x anteriores a la 2.7.48, versiones 2.8.x anteriores a la 2.8.41, versiones 3.3.x anteriores a la 3.3.17, versiones 3.4.x anteriores a la 3.4.11 y versiones 4.0.x anteriores a la 4.0.11. Una vulnerabilidad de fijación de sesión en la característica de inicio de sesión "Guard" podría permitir que un atacante suplante a una víctima en la aplicación web si el valor de ID de sesión ya era anteriormente conocido para el atacante.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-22 CVE Reserved
- 2018-06-13 CVE Published
- 2024-01-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-384: Session Fixation
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 2.7.0 < 2.7.48 Search vendor "Sensiolabs" for product "Symfony" and version " >= 2.7.0 < 2.7.48" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 2.8.0 < 2.8.41 Search vendor "Sensiolabs" for product "Symfony" and version " >= 2.8.0 < 2.8.41" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 3.3.0 < 3.3.17 Search vendor "Sensiolabs" for product "Symfony" and version " >= 3.3.0 < 3.3.17" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 3.4.0 < 3.4.11 Search vendor "Sensiolabs" for product "Symfony" and version " >= 3.4.0 < 3.4.11" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 4.0.0 < 4.0.11 Search vendor "Sensiolabs" for product "Symfony" and version " >= 4.0.0 < 4.0.11" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 28 Search vendor "Fedoraproject" for product "Fedora" and version "28" | - |
Affected
| ||||||