CVE-2018-14774

Published: 03 Aug 2018
Source: ubuntu
Priority: medium
CVSS2: 5
CVSS3: 7.2

Description

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 3.4.15+dfsg-2ubuntu4 |
| devel | not-affected | 3.4.15+dfsg-2ubuntu4 |
| disco | not-affected | 3.4.15+dfsg-2ubuntu4 |
| eoan | not-affected | 3.4.15+dfsg-2ubuntu4 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 3.4.15+dfsg-2ubuntu4 |
| esm-apps/jammy | not-affected | 3.4.15+dfsg-2ubuntu4 |
| esm-apps/noble | not-affected | 3.4.15+dfsg-2ubuntu4 |
| esm-apps/xenial | needed | |


CVSS2: 5 Medium

CVSS3: 7.2 High

Related vulnerabilities

CVSS3: 7.2
nvd
almost 7 years ago

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.

CVSS3: 7.2
debian
almost 7 years ago

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, ...

CVSS3: 7.2
github
about 3 years ago

Symfony Host Header Injection
