
Multiple vulnerabilities in Symfony



Published: 2020-03-31
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE ID: CVE-2020-5255, CVE-2020-5275
CWE ID: CWE-20, CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Symfony (Web applications / CMS)
Vendor: SensioLabs

Security Advisory

1) Input validation error

Severity: Medium

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5255

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because Symfony sets the default Content-Type header based on the received Accept header. A remote attacker can send a specially crafted HTTP request and force the application to cache an empty response, leading to a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symfony: 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6

External links

https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859
https://github.com/symfony/symfony/releases/tag/v5.0.7
https://github.com/symfony/symfony/releases/tag/v4.4.7

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 4.2 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5275

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security measures.

The vulnerability exists due to a logic error when processing configured firewall rules in a unanimous configuration in Symfony. When a `Firewall` checks an access control rule, it iterates over each of the rule's attributes and stops as soon as the accessDecisionManager decides to grant access on an attribute, preventing the check of the next attributes that should have been taken into account in a unanimous strategy.

A remote attacker can bypass configured rules and gain unauthorized access to the web application.
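
The difference between stopping at the first granted attribute and a unanimous decision can be seen in a small model. This is an added example, not Symfony's code or the vendor's patch; the function names, the role strings and the sample users are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical voter: grants an attribute only if the user holds it.
function vote(array $userRoles, string $attribute): bool
{
    return in_array($attribute, $userRoles, true);
}

// Flawed pattern from the description: attributes are checked one at a time
// and the loop returns on the first grant, so later attributes are skipped.
function grantsOnFirstMatch(array $userRoles, array $attributes): bool
{
    foreach ($attributes as $attribute) {
        if (vote($userRoles, $attribute)) {
            return true;
        }
    }
    return false;
}

// Unanimous semantics: every attribute must be granted; one denial denies.
function grantsUnanimously(array $userRoles, array $attributes): bool
{
    if ($attributes === []) {
        return false; // assumption: deny when the rule lists nothing to check
    }
    foreach ($attributes as $attribute) {
        if (!vote($userRoles, $attribute)) {
            return false;
        }
    }
    return true;
}

// Constructed sample data: the rule requires both roles.
$ruleAttributes = ['ROLE_USER', 'ROLE_ADMIN'];
$users = [
    'alice' => ['ROLE_USER', 'ROLE_ADMIN'],
    'bob'   => ['ROLE_USER'],
    'carol' => [],
];

foreach ($users as $name => $roles) {
    $flawed = grantsOnFirstMatch($roles, $ruleAttributes);
    $strict = grantsUnanimously($roles, $ruleAttributes);
    printf("%-5s flawed=%-5s unanimous=%-5s%s\n", $name,
        var_export($flawed, true), var_export($strict, true),
        $flawed !== $strict ? '  <- decisions diverge' : '');
}
```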

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Symfony: 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6

External links

https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf
https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72
https://github.com/symfony/symfony/releases/tag/v5.0.7
https://github.com/symfony/symfony/releases/tag/v4.4.7

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


