Vulnerability Details : CVE-2013-5750
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.
Vulnerability category: Denial of service
Products affected by CVE-2013-5750
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:*:-:-:*:-:symfony:*:*
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.4:-:-:*:-:symfony:*:*
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.3:-:-:*:-:symfony:*:*
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.1:-:-:*:-:symfony:*:*
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.0:-:-:*:-:symfony:*:*
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.3.1:-:-:*:-:symfony:*:*
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.5:-:-:*:-:symfony:*:*
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.1.0:-:-:*:-:symfony:*:*
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.3.0:-:-:*:-:symfony:*:*
- cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.0.0:-:-:*:-:symfony:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5750
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 62 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-5750
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-5750
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5750
-
http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form
CVE-2013-5750: Security issue in FOSUserBundle login form (Symfony Blog)Patch;Vendor Advisory
Jump to