Open redirect in SensioLabs Symfony
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-16652 |
| CWE-ID | CWE-601 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Symfony Web applications / CMS |
| Vendor | SensioLabs |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Open redirect
EUVDB-ID: #VU31280
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16652
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsSymfony: 3.3.0 - 3.3.12
External linkshttp://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
