CVE-2013-4752 Information

Description

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. An attacker can manipulate the Host header that the framework uses when generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
http://www.securityfocus.com/bid/61715
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
https://exchange.xforce.ibmcloud.com/vulnerabilities/86374

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
