6.1

CVE-2013-4752

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SensiolabsSymfony Version >= 2.0.0 < 2.0.24
SensiolabsSymfony Version >= 2.1.0 < 2.1.12
SensiolabsSymfony Version >= 2.2.0 < 2.2.5
SensiolabsSymfony Version >= 2.3.0 < 2.3.3
FedoraprojectFedora Version18
FedoraprojectFedora Version19
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.31% 0.812
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
Patch
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
Third Party Advisory
http://www.securityfocus.com/bid/61715
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
Patch
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86374
Third Party Advisory
VDB Entry