CVE-2013-4752
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
Symfony versiones 2.0.X anteriores a 2.0.24, versiones 2.1.X anteriores a 2.1.12, versiones 2.2.X anteriores a 2.2.5 y versiones 2.3.X anteriores a 2.3.3, tienen un problema en el componente HttpFoundation. El atacante puede manipular el encabezado del host cuando el framework está generando una URL absoluta. Un atacante remoto podría explotar esta vulnerabilidad para inyectar contenido malicioso en la página de la aplicación Web y dirigir varios ataques.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-07-02 CVE Reserved
- 2020-01-02 CVE Published
- 2023-11-23 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (15)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released | 2020-01-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752 | 2020-01-10 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 2.0.0 < 2.0.24 Search vendor "Sensiolabs" for product "Symfony" and version " >= 2.0.0 < 2.0.24" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 2.1.0 < 2.1.12 Search vendor "Sensiolabs" for product "Symfony" and version " >= 2.1.0 < 2.1.12" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 2.2.0 < 2.2.5 Search vendor "Sensiolabs" for product "Symfony" and version " >= 2.2.0 < 2.2.5" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 2.3.0 < 2.3.3 Search vendor "Sensiolabs" for product "Symfony" and version " >= 2.3.0 < 2.3.3" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 18 Search vendor "Fedoraproject" for product "Fedora" and version "18" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 19 Search vendor "Fedoraproject" for product "Fedora" and version "19" | - |
Affected
| ||||||