exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2018-11407

больше 7 лет назад

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.

CVSS3: 9.8

EPSS: Низкий

CVE-2018-11407

больше 7 лет назад

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.

CVSS3: 9.8

EPSS: Низкий

CVE-2018-11407

больше 7 лет назад

An issue was discovered in the Ldap component in Symfony 2.8.x before ...

CVSS3: 9.8

EPSS: Низкий

GHSA-35c5-28pg-2qg4

больше 3 лет назад

Symfony Authentication Bypass

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2018-11407 An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.	CVSS3: 9.8	0% Низкий	больше 7 лет назад
CVE-2018-11407 An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.	CVSS3: 9.8	0% Низкий	больше 7 лет назад
CVE-2018-11407 An issue was discovered in the Ldap component in Symfony 2.8.x before ...	CVSS3: 9.8	0% Низкий	больше 7 лет назад
GHSA-35c5-28pg-2qg4 Symfony Authentication Bypass	CVSS3: 9.8	0% Низкий	больше 3 лет назад

Уязвимостей на страницу