5

CVE-2013-5750

The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Friends Of Symfony ProjectFosuserbundle Update- Edition- SwEdition- SwPlatformsymfony Version <= 1.3.2
Friends Of Symfony ProjectFosuserbundle Version1.0.0 Update- Edition- SwEdition- SwPlatformsymfony
Friends Of Symfony ProjectFosuserbundle Version1.1.0 Update- Edition- SwEdition- SwPlatformsymfony
Friends Of Symfony ProjectFosuserbundle Version1.2.0 Update- Edition- SwEdition- SwPlatformsymfony
Friends Of Symfony ProjectFosuserbundle Version1.2.1 Update- Edition- SwEdition- SwPlatformsymfony
Friends Of Symfony ProjectFosuserbundle Version1.2.3 Update- Edition- SwEdition- SwPlatformsymfony
Friends Of Symfony ProjectFosuserbundle Version1.2.4 Update- Edition- SwEdition- SwPlatformsymfony
Friends Of Symfony ProjectFosuserbundle Version1.2.5 Update- Edition- SwEdition- SwPlatformsymfony
Friends Of Symfony ProjectFosuserbundle Version1.3.0 Update- Edition- SwEdition- SwPlatformsymfony
Friends Of Symfony ProjectFosuserbundle Version1.3.1 Update- Edition- SwEdition- SwPlatformsymfony
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.47% 0.618
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P