exploitDog

bind:CVE-2015-4050

Count: 4

ubuntu

CVE-2015-4050

about 10 years ago

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

CVSS2: 4.3
EPSS: High

nvd

CVE-2015-4050

about 10 years ago

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

CVSS2: 4.3
EPSS: High

debian

CVE-2015-4050

about 10 years ago

FragmentListener in the HttpKernel component in Symfony 2.3.19 through ...

CVSS2: 4.3
EPSS: High

github

GHSA-qmqw-mpqp-mr54

about 3 years ago

Symfony Incorrect Access Control

EPSS: High

| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| ubuntu: CVE-2015-4050. FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment. | CVSS2: 4.3 | 76% (High) | about 10 years ago |
| nvd: CVE-2015-4050. FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment. | CVSS2: 4.3 | 76% (High) | about 10 years ago |
| debian: CVE-2015-4050. FragmentListener in the HttpKernel component in Symfony 2.3.19 through ... | CVSS2: 4.3 | 76% (High) | about 10 years ago |
| github: GHSA-qmqw-mpqp-mr54. Symfony Incorrect Access Control | | 76% (High) | about 3 years ago |
