{"id":"CVE-2015-8124","details":"Session fixation vulnerability in the \"Remember Me\" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.","aliases":["GHSA-j5jh-hpr4-h332"],"modified":"2026-04-10T03:46:30.573562Z","published":"2015-12-07T20:59:14Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3402"},{"type":"ADVISORY","url":"https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2015/Dec/89"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/537183/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/bid/77694"}],"schema_version":"1.7.5"}