CVE-2022-24894

MEDIUM

Symfony 2.0.0-4.4.49 - Session Fixation via HTTP Cache Set-Cookie Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24894. PoCs published by moften.

AI-analyzed exploit summary This repository contains a Python-based scanner for detecting multiple vulnerabilities in Symfony applications, including CRLF injection, Host Header Injection, and exposed Symfony Profiler endpoints. It performs safe, non-invasive checks without attempting exploitation.

Description

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.

Exploits (1)

nomisec SCANNER

by moften · poc

https://github.com/moften/Symfony-CVE-Scanner-PoC-

View Code ZIP pw:eip

This repository contains a Python-based scanner for detecting multiple vulnerabilities in Symfony applications, including CRLF injection, Host Header Injection, and exposed Symfony Profiler endpoints. It performs safe, non-invasive checks without attempting exploitation.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Symfony (various versions)

No auth needed

Prerequisites: Network access to the target Symfony application

MITRE ATT&CK

T1189 - Drive-by Compromise T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_confirm

https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv

Patch x_refsource_misc

https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb

View Patch ZIP pw:eip

Mailing List

https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html

Scores

CVSS v3 5.9

EPSS 0.0018

EPSS Percentile 39.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-285

Status published

Products (3)

sensiolabs/symfony 2.0.0 - 4.4.50

symfony/http-kernel 2.0.0 - 4.4.50Packagist

symfony/symfony 2.0.0 - 4.4.50Packagist

Published Feb 03, 2023

Tracked Since Feb 18, 2026