Permissions, Privileges, and Access Controls in Symfony - CVE-2012-6431
Published: December 27, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU43226
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-6431
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: SensioLabs
Affected software:
Symfony
Symfony
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
How to mitigate CVE-2012-6431
Install update from vendor's website.