Описание
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
Ссылки
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.0 (включая) до 2.0.24 (исключая)Версия от 2.1.0 (включая) до 2.1.12 (исключая)Версия от 2.2.0 (включая) до 2.2.5 (исключая)Версия от 2.3.0 (включая) до 2.3.3 (исключая)
Одно из
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00928
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
около 3 лет назад
Symfony Host Header Injection vulnerability in the HttpFoundation component
EPSS
Процентиль: 75%
0.00928
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79