7.5

CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2) Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener class in the Symfony Security Component, or (3) legacy CSRF implementation from the Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider class in the Symfony Form component.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SensiolabsSymfony Version2.3.0
SensiolabsSymfony Version2.3.1
SensiolabsSymfony Version2.3.2
SensiolabsSymfony Version2.3.3
SensiolabsSymfony Version2.3.4
SensiolabsSymfony Version2.3.5
SensiolabsSymfony Version2.3.6
SensiolabsSymfony Version2.3.7
SensiolabsSymfony Version2.3.8
SensiolabsSymfony Version2.3.9
SensiolabsSymfony Version2.3.10
SensiolabsSymfony Version2.3.11
SensiolabsSymfony Version2.3.12
SensiolabsSymfony Version2.3.13
SensiolabsSymfony Version2.3.14
SensiolabsSymfony Version2.3.15
SensiolabsSymfony Version2.3.16
SensiolabsSymfony Version2.3.17
SensiolabsSymfony Version2.3.18
SensiolabsSymfony Version2.3.19
SensiolabsSymfony Version2.3.20
SensiolabsSymfony Version2.3.21
SensiolabsSymfony Version2.3.22
SensiolabsSymfony Version2.3.23
SensiolabsSymfony Version2.3.24
SensiolabsSymfony Version2.3.25
SensiolabsSymfony Version2.3.26
SensiolabsSymfony Version2.3.27
SensiolabsSymfony Version2.3.28
SensiolabsSymfony Version2.3.29
SensiolabsSymfony Version2.3.30
SensiolabsSymfony Version2.3.31
SensiolabsSymfony Version2.3.32
SensiolabsSymfony Version2.3.33
SensiolabsSymfony Version2.3.34
SensiolabsSymfony Version2.6.0
SensiolabsSymfony Version2.6.1
SensiolabsSymfony Version2.6.2
SensiolabsSymfony Version2.6.3
SensiolabsSymfony Version2.6.4
SensiolabsSymfony Version2.6.5
SensiolabsSymfony Version2.6.6
SensiolabsSymfony Version2.6.7
SensiolabsSymfony Version2.6.8
SensiolabsSymfony Version2.6.9
SensiolabsSymfony Version2.6.10
SensiolabsSymfony Version2.6.11
SensiolabsSymfony Version2.7.0
SensiolabsSymfony Version2.7.1
SensiolabsSymfony Version2.7.2
SensiolabsSymfony Version2.7.3
SensiolabsSymfony Version2.7.4
SensiolabsSymfony Version2.7.5
SensiolabsSymfony Version2.7.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.55% 0.83
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html
http://www.debian.org/security/2015/dsa-3402
http://www.securityfocus.com/bid/77692
https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service
Patch
Vendor Advisory