CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-16652
https://notcve.org/view.php?id=CVE-2017-16652
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks. Se ha descubierto un problema en Symfony en versiones 2.7.x anteriores a la 2.7.38, versiones 2.8.x anteriores a la 2.8.31, versiones 3.2.x anteriores a la 3.2.14 y versiones 3.3.x anteriores a la 3.3.13. DefaultAuthenticationSuccessHandler o DefaultAuthenticationFailureHandler toman el contenido del parámetro _target_path y generan una respuesta de redirección, pero no se realiza una comprobación de ruta, que puede ser una URL absoluta o un dominio externo. • https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-11408
https://notcve.org/view.php?id=CVE-2018-11408
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652. Los gestores de seguridad en el componente Security en Symfony en versiones 2.7.x anteriores a la 2.7.48, versiones 2.8.x anteriores a la 2.8.41, versiones 3.3.x anteriores a la 3.3.17, versiones 3.4.x anteriores a la 3.4.11 y versiones 4.0.x anteriores a la 4.0.11 tienen una vulnerabilidad de redirección abierta cuando security.http_utils ha sido insertado por un contenedor. NOTA: este problema existe debido a una solución incompleta para CVE-2017-16652. • https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-12040 – SensioLabs Symfony 3.3.6 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-12040
Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues). ** EN DISPUTA ** Vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el generador de perfiles web en Symfony 3.3.6, de SensioLabs, permite que atacantes remotos inyecten scripts web o HTML mediante el parámetro "file". Esto también se conoce como URI _profiler/open?file=. • http://packetstormsecurity.com/files/148125/SensioLabs-Symfony-3.3.6-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/542071/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •