exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2018-11407

около 7 лет назад

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.

CVSS3: 9.8

EPSS: Низкий

CVE-2018-11407

около 7 лет назад

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.

CVSS3: 9.8

EPSS: Низкий

CVE-2018-11407

около 7 лет назад

An issue was discovered in the Ldap component in Symfony 2.8.x before ...

CVSS3: 9.8

EPSS: Низкий

GHSA-35c5-28pg-2qg4

около 3 лет назад

Symfony Authentication Bypass

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2018-11407 An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.	CVSS3: 9.8	0% Низкий	около 7 лет назад
CVE-2018-11407 An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.	CVSS3: 9.8	0% Низкий	около 7 лет назад
CVE-2018-11407 An issue was discovered in the Ldap component in Symfony 2.8.x before ...	CVSS3: 9.8	0% Низкий	около 7 лет назад
GHSA-35c5-28pg-2qg4 Symfony Authentication Bypass	CVSS3: 9.8	0% Низкий	около 3 лет назад

Уязвимостей на страницу