PT-2024-10555 · Symfony · Symfony Httpfoundation

Published

2024-05-30

·

Updated

2024-05-30

·

CVE-2014-5244

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Symfony HttpFoundation component, versions 2.0.X through 2.5.X (2.3.X before 2.3.19, 2.4.X before 2.4.9, 2.5.X before 2.5.4).

Description

This issue allows a Denial of Service (DoS) attack when a client sends an arbitrarily long hostname, e.g. in the HTTP Host header. Request::getHost() validates the hostname with an anchored regular expression containing a nested quantifier; a long value that is valid except for its final character forces the regex engine into catastrophic backtracking, so a single unauthenticated request can consume a large amount of CPU time. No authentication or user interaction is required, and the impact is limited to availability.

Recommendations

For versions 2.3.X, update to version 2.3.19 or later. For versions 2.4.X, update to version 2.4.9 or later. For versions 2.5.X, update to version 2.5.4 or later. For versions 2.0.X, 2.1.X, and 2.2.X, no fixes are provided as these branches are no longer maintained; as a temporary workaround, modify the regular expression used to parse and validate the hostname so that validation cost does not grow superlinearly with the length of the submitted value (in particular, avoid nested quantifiers over the same character class). Deployments can also reduce exposure by rejecting unexpected Host values at the web server or reverse proxy before the request reaches the application.
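The following is an added example, not code from the Symfony project or from this advisory. It reconstructs the hostname check in Request::getHost() before and after the upstream fix as two stand-alone functions, runs both over a few constructed Host values, and times the vulnerable check on progressively longer "valid except for the last character" inputs so the exponential cost is visible. The two regular expressions are the ones from the vulnerable and patched Request.php; the function names, sample hosts, timing harness and the assumption of the default pcre.backtrack_limit are illustrative.

```php
<?php
// Added example (not Symfony's own code): reconstruction of the Host
// validation in HttpFoundation Request::getHost(), vulnerable and fixed.
// Pattern strings are taken from the vulnerable and patched Request.php;
// function names, sample inputs and the timing loop are assumptions.

// Pre-fix check (2.3.X < 2.3.19, 2.4.X < 2.4.9, 2.5.X < 2.5.4 and the
// unmaintained 2.0-2.2 branches): one anchored regex with a nested quantifier.
// "(?:[...]+\.?)+" can split a run of valid characters into 2^(n-1) different
// groupings, and PCRE tries all of them before failing on a host whose last
// character is invalid. Request::getHost() threw an exception when this
// returned false, but only after the CPU time had already been spent.
function isValidHostVulnerable(string $host): bool
{
    return (bool) preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
}

// Fixed check (2.3.19 / 2.4.9 / 2.5.4): strip every valid label with an
// unanchored pattern that has no nested quantifier and reject if anything is
// left over. Each character is consumed at most once, so the cost is linear in
// the length of the Host value. preg_replace() returns null on a PCRE error,
// which also fails the strict comparison and rejects the host.
function isValidHostFixed(string $host): bool
{
    return '' === preg_replace('/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/', '', $host);
}

// Constructed sample hosts: a normal name, an IPv6 literal, an obviously bad
// value, and the worst case for the old regex (valid up to the final byte).
$samples = [
    'www.example.com',
    '[::1]',
    'evil host',
    str_repeat('a', 20) . '!',
];

printf("%-22s %-24s %-6s %9s %s\n", 'check', 'host', 'valid', 'ms', 'pcre_err');
foreach ($samples as $host) {
    foreach (['isValidHostVulnerable', 'isValidHostFixed'] as $check) {
        $start = microtime(true);
        $ok = $check($host);
        $ms = (microtime(true) - $start) * 1000;
        // preg_last_error() == PREG_BACKTRACK_LIMIT_ERROR (2) means PCRE gave
        // up after pcre.backtrack_limit steps (1,000,000 by default).
        printf("%-22s %-24s %-6s %9.3f %d\n",
            $check, substr($host, 0, 24), $ok ? 'yes' : 'no', $ms, preg_last_error());
    }
}

// Growth of the vulnerable check with input length: roughly doubling per
// extra character until the backtrack limit caps it. The lengths are kept
// small so the script finishes quickly even with the limit disabled.
echo "\nvulnerable check, host = 'a' x n . '!'\n";
foreach ([12, 14, 16, 18, 20] as $n) {
    $host = str_repeat('a', $n) . '!';
    $start = microtime(true);
    isValidHostVulnerable($host);
    printf("n=%2d  %9.3f ms  pcre_err=%d\n",
        $n, (microtime(true) - $start) * 1000, preg_last_error());
}
```

Run it with `php` from the command line. The fixed function answers every sample in a fraction of a millisecond, while the vulnerable one either grows exponentially with n or, once pcre.backtrack_limit is exhausted, returns false with PREG_BACKTRACK_LIMIT_ERROR after burning the whole budget; a request that hits that budget is the cost an attacker imposes with each malicious Host header. Note that the patched pattern accepts the same values as the old one (IPv6 literals in brackets, labels of letters, digits, hyphen, colon and underscore, optionally dot-separated), so swapping the check is behaviour-preserving for legitimate clients.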

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2014-5244
GHSA-V77V-X634-9M56

Affected Products

Symfony Httpfoundation