ID de Prueba:	1.3.6.1.4.1.25623.1.0.807852
Categoría:	Web application abuses
Título:	Symphony CMS Session Fixation Vulnerability
Resumen:	Symphony CMS is prone to a session fixation vulnerability.
Descripción:	Summary: Symphony CMS is prone to a session fixation vulnerability. Vulnerability Insight: The flaw exists if the application is deployed using an insecure setup with a php.ini 'session.use_only_cookies' not enabled and due to an error in application which does not use or call 'session_regenerate_id' function upon successful user authentication. Vulnerability Impact: Successfully exploitation will allow remote attacker to preset any users PHPSESSID session identifier and access the affected application with the same level of access to that of the victim. Affected Software/OS: Symphony CMS version 2.6.7 Solution: Configure your PHP via the php.ini to enable 'session.use_only_cookies'. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4309 BugTraq ID: 91299 http://www.securityfocus.com/bid/91299 Bugtraq: 20160620 Symphony CMS v2.6.7 Session Fixation (Google Search) http://www.securityfocus.com/archive/1/538714/100/0/threaded https://www.exploit-db.com/exploits/39983/ http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt http://packetstormsecurity.com/files/137551/Symphony-CMS-2.6.7-Session-Fixation.html
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.