Podatność CVE-2013-4752
Publikacja: 2020-01-02

Opis:
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.

Typ:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
4.3/10
2.9/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Częściowy
Brak
Affected software
Sensiolabs -> Symfony 
Fedoraproject -> Fedora 

 Referencje:
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
http://www.securityfocus.com/bid/61715
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
https://exchange.xforce.ibmcloud.com/vulnerabilities/86374
Copyright 2024, cxsecurity.com

 

Back to Top