CVE-2013-4752

Sažetak

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
http://www.securityfocus.com/bid/61715
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
https://exchange.xforce.ibmcloud.com/vulnerabilities/86374

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

10-01-2020 - 19:25

Objavljeno

02-01-2020 - 17:15