Symfony CVE-2018-14773 Security Bypass Vulnerability
Info
| Bugtraq ID: | 104943 |
| Class: | Access Validation Error |
| CVE: | CVE-2018-14773 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 02 2018 12:00AM |
| Updated: | Aug 02 2018 12:00AM |
| Credit: | Michael Cullum |
| Vulnerable: | Zend zend-diactoros 1.0.4, Zend zend-diactoros 1.0.3, Symfony Symfony 2.8.6, Symfony Symfony 2.8.5, Symfony Symfony 2.8.4, Symfony Symfony 2.8.3, Symfony Symfony 2.8.2, Symfony Symfony 2.8.1, Symfony Symfony 2.8, SensioLabs Symfony 2.7.7, SensioLabs Symfony 2.7.6, SensioLabs Symfony 2.7.5, SensioLabs Symfony 2.7.4, SensioLabs Symfony 2.7.3, SensioLabs Symfony 2.7.2, SensioLabs Symfony 2.7.1, SensioLabs Symfony 2.7, Drupal Drupal 8.5.3, Drupal Drupal 8.5.2, Drupal Drupal 8.5.1, Drupal Drupal 8.5, Drupal Drupal 8.4.8, Drupal Drupal 8.4.7, Drupal Drupal 8.4.6, Drupal Drupal 8.4.5, Drupal Drupal 8.4.4, Drupal Drupal 8.4.3, Drupal Drupal 8.4.2, Drupal Drupal 8.4.1, Drupal Drupal 8.4, Drupal Drupal 8.3.9, Drupal Drupal 8.3.8, Drupal Drupal 8.3.7, Drupal Drupal 8.3.6, Drupal Drupal 8.3.5, Drupal Drupal 8.3.4, Drupal Drupal 8.3.3, Drupal Drupal 8.3.2, Drupal Drupal 8.3.1, Drupal Drupal 8.2.8, Drupal Drupal 8.2.7, Drupal Drupal 8.2.3, Drupal Drupal 8.2.2, Drupal Drupal 8.2.1, Drupal Drupal 8.2, Drupal Drupal 8.1.10, Drupal Drupal 8.1.9, Drupal Drupal 8.1.8, Drupal Drupal 8.0.4, Drupal Drupal 8.0.3, Drupal Drupal 8.0.2, Drupal Drupal 8.0.1, Drupal Drupal 8.0, Drupal Drupal 8.1.7, Drupal Drupal 8.1.6, Drupal Drupal 8.1.5, Drupal Drupal 8.1.4, Drupal Drupal 8.1.3, Drupal Drupal 8.1.0 |
| Not Vulnerable: | |
Discussion
Symfony is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- CVE-2018-14773: Remove support for legacy and risky HTTP headers (Symfony)
- Symfony Homepage (SensioLabs)
- Drupal Core - 3rd-party libraries -SA-CORE-2018-005 (Drupal)
- ZF2018-01: URL Rewrite vulnerability (Zend)