CVE-2014-6061

Name of the Vulnerable Software and Affected Versions Symfony HttpFoundation component versions 2.0.X through 2.5.X

Description The issue arises when an application uses HTTP basic or digest authentication, and the Authorization header is not parsed properly by Symfony, potentially allowing exploitation in certain server setups. No exploits have been demonstrated.

Recommendations For versions 2.3.X, update to version 2.3.19 or later. For versions 2.4.X, update to version 2.4.9 or later. For versions 2.5.X, update to version 2.5.4 or later. For versions 2.0.X, 2.1.X, and 2.2.X, no fixes are provided as these versions are no longer maintained. As a temporary workaround, consider restricting the use of HTTP basic or digest authentication until a patch is available.