Detections
Analytics

CVE-2015-4050

medium

Description

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

References

http://www.securityfocus.com/bid/74928

http://www.debian.org/security/2015/dsa-3276

http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159610.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159603.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html

Details

Source: Mitre, NVD

Published: 2015-06-02

Updated: 2016-12-31

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Medium