CVE-2015-2308

Опубликовано: 24 июн. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.

Ссылки

http://jvn.jp/en/jp/JVN19578958/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089
Vendor Advisory
http://www.securityfocus.com/bid/75357
https://symfony.com/blog/cve-2015-2308-esi-code-injection
Patch
Vendor Advisory
http://jvn.jp/en/jp/JVN19578958/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089
Vendor Advisory
http://www.securityfocus.com/bid/75357
https://symfony.com/blog/cve-2015-2308-esi-code-injection
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.21:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.0.22:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.3.19:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.3.20:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.3.21:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.3.22:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.3.23:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.3.24:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.3.25:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.3.26:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.7:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.8:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.9:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.4.10:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.7:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.8:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.9:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.5.10:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:sensiolabs:symfony:2.6.5:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00543

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2015-2308

ubuntu

почти 10 лет назад

CVE-2015-2308

debian

почти 10 лет назад

Eval injection vulnerability in the HttpCache class in HttpKernel in S ...

GHSA-5c58-w9xc-qcj9

github

около 3 лет назад

Symfony Vulnerable to PHP Eval Injection

EPSS

Процентиль: 67%

0.00543

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-94