Vulnerability Details : CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.
Vulnerability category: BypassGain privilege
Products affected by CVE-2015-4050
- cpe:2.3:a:sensiolabs:symfony:2.3.25:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.26:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.20:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.21:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.19:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.22:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.23:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.24:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.28:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.27:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.6.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4050
0.60%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4050
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2015-4050
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4050
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html
[SECURITY] Fedora 20 Update: php-symfony-2.5.12-1.fc20
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159603.html
[SECURITY] Fedora 22 Update: php-symfony-2.5.12-1.fc22
-
http://www.securityfocus.com/bid/74928
Symfony CVE-2015-4050 Unauthorized Access Vulnerability
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159610.html
[SECURITY] Fedora 21 Update: php-symfony-2.5.12-1.fc21
-
http://www.debian.org/security/2015/dsa-3276
Debian -- Security Information -- DSA-3276-1 symfony
-
http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
CVE-2015-4050: ESI unauthorized access (Symfony Blog)Vendor Advisory
Jump to