6.1
CVE-2013-4752
- EPSS 2.31%
- Veröffentlicht 02.01.2020 17:15:10
- Zuletzt bearbeitet 21.11.2024 01:56:18
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sensiolabs ≫ Symfony Version >= 2.0.0 < 2.0.24
Sensiolabs ≫ Symfony Version >= 2.1.0 < 2.1.12
Sensiolabs ≫ Symfony Version >= 2.2.0 < 2.2.5
Sensiolabs ≫ Symfony Version >= 2.3.0 < 2.3.3
Fedoraproject ≫ Fedora Version18
Fedoraproject ≫ Fedora Version19
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.31% | 0.812 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
http://www.securityfocus.com/bid/61715
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
https://exchange.xforce.ibmcloud.com/vulnerabilities/86374