PT-2015-6398 · Symfony · Symfony
Jakub Zalas · Published 2015-05-31 · Updated 2022-05-17 · CVE-2015-4050
| CVSS v2.0 | 4.3 (Medium) |
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Symfony versions 2.3.19 through 2.3.28
Symfony versions 2.4.9 through 2.4.10
Symfony versions 2.5.4 through 2.5.11
Symfony versions 2.6.0 through 2.6.7
Description
The issue allows remote attackers to bypass URL signing and security rules by including no hash or an invalid hash in a request to the /_fragment endpoint when ESI or SSI support is enabled. This occurs because the FragmentListener in the HttpKernel component does not check if the _controller attribute is set.
Recommendations
For Symfony versions 2.3.19 through 2.3.28, update to version 2.3.29 to resolve the issue.
For Symfony versions 2.4.9 through 2.4.10, there is no fix available as this version is not maintained anymore.
For Symfony versions 2.5.4 through 2.5.11, update to version 2.5.12 to resolve the issue.
For Symfony versions 2.6.0 through 2.6.7, update to version 2.6.8 to resolve the issue.
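The description above hinges on fragment URL signing: a request to the fragment endpoint that reaches the application from the network must carry a valid signature, and the bypass consisted of such requests being accepted with no hash or an invalid one. The following is an added example, not Symfony's own code, that models the expected (patched) decision and a log check a defender can run to spot requests of that shape. It assumes the UriSigner-style scheme of an HMAC-SHA256 over the URL carried in a `_hash` query parameter, a constructed secret, and constructed access-log lines.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed values for this example; a real deployment uses the application's own secret.
SECRET = b"constructed-example-secret"
FRAGMENT_PATH = "/_fragment"
HASH_PARAM = "_hash"


def _canonical(url):
    """Strip the _hash parameter and normalise the query order.

    Returns (canonical_url, presented_hash_or_None).
    """
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop(HASH_PARAM, None)
    query = urlencode(sorted(params.items()))
    return urlunsplit(parts._replace(query=query)), presented


def _signature(canonical_url):
    """HMAC-SHA256 over the canonical URL, base64-encoded (assumed scheme)."""
    digest = hmac.new(SECRET, canonical_url.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def sign_url(url):
    """Return url with a _hash parameter the verifier will accept."""
    canonical, _ = _canonical(url)
    parts = urlsplit(canonical)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    params[HASH_PARAM] = _signature(canonical)
    return urlunsplit(parts._replace(query=urlencode(sorted(params.items()))))


def is_signed(url):
    """True only if _hash is present and matches the HMAC of the rest of the URL."""
    canonical, presented = _canonical(url)
    if presented is None:
        return False
    return hmac.compare_digest(presented, _signature(canonical))


def fragment_gate(url, is_master_request):
    """Decision for one request, as the patched behaviour should be: every request
    that arrives from the network (a master request) for the fragment path must carry
    a valid signature; only internal sub-requests produced by the ESI/SSI renderer skip it.
    """
    if urlsplit(url).path != FRAGMENT_PATH:
        return "pass"        # not the fragment endpoint, the listener does nothing
    if not is_master_request:
        return "allow"       # internal sub-request, already resolved by the renderer
    return "allow" if is_signed(url) else "deny"


def scan_access_log(lines):
    """Flag network requests to the fragment path whose signature is missing or invalid.

    Each line is 'client method url' (constructed format for this example).
    """
    findings = []
    for line in lines:
        client, _method, url = line.split(" ", 2)
        if urlsplit(url).path != FRAGMENT_PATH:
            continue
        _, presented = _canonical(url)
        if presented is None:
            findings.append((client, url, "no _hash"))
        elif not is_signed(url):
            findings.append((client, url, "invalid _hash"))
    return findings


# Constructed sample log: one properly signed fragment request, one without a hash,
# one with a wrong hash, and one unrelated request.
_FRAGMENT_QUERY = "/_fragment?_path=_controller%3DConstructedController%3A%3Aaction"
SAMPLE_LOG = [
    "10.0.0.5 GET " + sign_url(_FRAGMENT_QUERY),
    "10.0.0.9 GET " + _FRAGMENT_QUERY,
    "10.0.0.9 GET " + _FRAGMENT_QUERY + "&_hash=AAAA",
    "10.0.0.5 GET /index.html",
]

if __name__ == "__main__":
    for client, url, reason in scan_access_log(SAMPLE_LOG):
        print(f"{client} {reason}: {url}")
```

The gate only ever skips the check for sub-requests, never on the basis of an attribute a network request might carry; the log scan reports the two patterns the advisory names, a missing `_hash` and one that does not verify.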
Exploit
Fix
Weakness Enumeration
Improper Access Control
Related Identifiers
CVE-2015-4050
Affected Products
Symfony