CVE-2015-8125

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2) Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener class in the Symfony Security Component, or (3) legacy CSRF implementation from the Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider class in the Symfony Form component.

Symfony 2.3.x en versiones anteriores a 2.3.35, 2.6.x en versiones anteriores a 2.6.12 y 2.7.x en versiones anteriores a 2.7.7 podría permitir a atacantes remotos tener un impacto no especificado a través de un ataque de sincronización involucrando las clases (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices o (2) Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener en la implementación Symfony Security Component o la implementación de (3) legacy CSRF de la clase Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider en el componente Symfony Form.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-11-12 CVE Reserved
2015-11-24 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
http://www.securityfocus.com/bid/77692	Vdb Entry

URL	Date	SRC

URL	Date	SRC
https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service	2016-12-07

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html	2016-12-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html	2016-12-07
http://www.debian.org/security/2015/dsa-3402	2016-12-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.0 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.0"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.1 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.1"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.2 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.2"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.3 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.3"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.4 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.4"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.5 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.5"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.6 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.6"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.7 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.7"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.8 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.8"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.9 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.9"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.10 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.10"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.11 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.11"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.12 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.12"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.13 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.13"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.14 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.14"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.15 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.15"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.16 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.16"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.17 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.17"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.18 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.18"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.19 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.19"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.20 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.20"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.21 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.21"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.22 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.22"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.23 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.23"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.24 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.24"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.25 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.25"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.26 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.26"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.27 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.27"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.28 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.28"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.29 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.29"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.30 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.30"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.31 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.31"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.32 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.32"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.33 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.33"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.3.34 Search vendor "Sensiolabs" for product "Symfony" and version "2.3.34"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.0 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.0"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.1 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.1"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.2 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.2"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.3 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.3"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.4 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.4"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.5 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.5"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.6 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.6"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.7 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.7"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.8 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.8"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.9 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.9"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.10 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.10"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.6.11 Search vendor "Sensiolabs" for product "Symfony" and version "2.6.11"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.7.0 Search vendor "Sensiolabs" for product "Symfony" and version "2.7.0"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.7.1 Search vendor "Sensiolabs" for product "Symfony" and version "2.7.1"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.7.2 Search vendor "Sensiolabs" for product "Symfony" and version "2.7.2"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.7.3 Search vendor "Sensiolabs" for product "Symfony" and version "2.7.3"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.7.4 Search vendor "Sensiolabs" for product "Symfony" and version "2.7.4"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.7.5 Search vendor "Sensiolabs" for product "Symfony" and version "2.7.5"		-		Affected
Sensiolabs Search vendor "Sensiolabs"		Symfony Search vendor "Sensiolabs" for product "Symfony"				2.7.6 Search vendor "Sensiolabs" for product "Symfony" and version "2.7.6"		-		Affected