admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2015/CVE-2015-40xx/CVE-2015-4050.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

260 lines
9.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2015-4050",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-06-02T14:59:12.253",
"lastModified": "2024-11-21T02:30:21.597",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment."
},
{
"lang": "es",
"value": "FragmentListener en el componente HttpKernel en Symfony 2.3.19 hasta 2.3.28, 2.4.9 hasta 2.4.10, 2.5.4 hasta 2.5.11, y 2.6.0 hasta 2.6.7, cuando ek soporte ESI o SSI est\u00e1 habilitado, no comprueba si el atributo _controller esta configurado, lo que permite a atacantes remotos evadir la firma de URLs y las reglas de seguridad mediante la inclusi\u00f3n de (1) ning\u00fan hash o (2) un hash inv\u00e1lido en una solicitud a /_fragment."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5B629031-7AC2-4918-9FEC-C9D26EBB0161"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "397E0404-9856-45C1-B12D-058E84F3FA3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A2EC987B-3C4D-4575-9BC8-9AFB794A20E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "DE17FB48-06AA-4275-9F3A-0CF008C9C86B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "39F81F64-CCF2-4CB1-9504-153267839BEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1244EA-78F7-4501-9E42-52C77CE37963"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCD0661-41FA-4F89-A1D8-C50BE232D36D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC87263-68E3-4BF8-8ED7-C40CC2F8CE2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "51A66842-7423-49F0-9FD3-64B7DE146F30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "68CBB5C6-C707-43E9-AFC5-467E376D9218"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE35E75-315C-472B-B8C3-4E9AF9C5421F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "360EFC8C-6FD2-48B1-A3E9-C16867B05F17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97E35964-8D47-4146-AF91-C5EC0A8E1801"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "01076190-7FDF-4A9C-99C9-A1F153BFFA09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6EBF05-F0C6-4B36-8B5E-BF1793364AE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE1BB71-C1E8-4957-B5A6-E7B24A3FEC76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BD415B94-A1DA-4483-8F39-56BDF805A7DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAC5594-43BE-4DA4-9420-C070F6C5C77C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCA2A46-50CD-4C31-836C-F9D922810D3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAA905B-96B5-41AF-A732-530666DE3D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F13A190-1F97-4D7B-826A-E976934AE82B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27770F28-584A-48E1-B885-6C6D17F546ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C177DF32-F356-483C-82E5-8FCC68D89A74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D9461C-A049-48EC-BB3E-FD3212C82795"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7EF330-714D-42E4-A2CF-406B84F3945B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2D86A4FF-9BD2-4B3D-A2CE-E9200A4EC690"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6667BA-5A82-480B-AD9B-0E4CD0188458"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html",
"source": "cve@mitre.org"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159603.html",
"source": "cve@mitre.org"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159610.html",
"source": "cve@mitre.org"
},
{
"url": "http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.debian.org/security/2015/dsa-3276",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/74928",
"source": "cve@mitre.org"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159603.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159610.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.debian.org/security/2015/dsa-3276",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/74928",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink