Symfony Local File Include and Open Redirection Vulnerabilities
BID:106249
CVE-2018-19789 | CVE-2018-19790 |Info
Symfony Local File Include and Open Redirection Vulnerabilities
| Bugtraq ID: | 106249 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-19789 CVE-2018-19790 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 19 2018 12:00AM |
| Updated: | Dec 19 2018 12:00AM |
| Credit: | David Gorges of LeapHub and EC-CUBE Dev Team. |
| Vulnerable: |
Symfony Symfony 3.0.6 Symfony Symfony 3.0.5 Symfony Symfony 3.0.4 Symfony Symfony 3.0.3 Symfony Symfony 3.0.2 Symfony Symfony 3.0.1 Symfony Symfony 3.0 Symfony Symfony 2.8.6 Symfony Symfony 2.8.5 Symfony Symfony 2.8.4 Symfony Symfony 2.8.3 Symfony Symfony 2.8.2 Symfony Symfony 2.8.1 Symfony Symfony 2.8 SensioLabs Symfony 4.2 SensioLabs Symfony 4.1.8 SensioLabs Symfony 4.1.3 SensioLabs Symfony 4.1.2 SensioLabs Symfony 4.1 SensioLabs Symfony 4.0.14 SensioLabs Symfony 4.0.13 SensioLabs Symfony 4.0 SensioLabs Symfony 3.4.19 SensioLabs Symfony 3.4.14 SensioLabs Symfony 3.4.13 SensioLabs Symfony 3.4 SensioLabs Symfony 3.3.18 SensioLabs Symfony 3.3.17 SensioLabs Symfony 3.3 SensioLabs Symfony 2.8.48 SensioLabs Symfony 2.8.44 SensioLabs Symfony 2.8.43 SensioLabs Symfony 2.8 SensioLabs Symfony 2.7.49 SensioLabs Symfony 2.7.48 SensioLabs Symfony 2.7.7 SensioLabs Symfony 2.7.6 SensioLabs Symfony 2.7.5 SensioLabs Symfony 2.7.4 SensioLabs Symfony 2.7.3 SensioLabs Symfony 2.7.2 SensioLabs Symfony 2.7.1 SensioLabs Symfony 2.7 |
| Not Vulnerable: |
SensioLabs Symfony 4.2.1 SensioLabs Symfony 4.1.9 SensioLabs Symfony 4.0.15 SensioLabs Symfony 3.4.20 SensioLabs Symfony 2.8.49 SensioLabs Symfony 2.7.50 |
Discussion
Symfony Local File Include and Open Redirection Vulnerabilities
Symfony is prone to a local file-include vulnerability and an open-redirection vulnerability.
An attacker can exploit this issue to obtain potentially sensitive information and execute arbitrary local scripts and by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
These issues are fixed in:
Symfony 2.7.50, 2.8.49, 3.4.20, 4.0.15, 4.1.9 and 4.2.1.
Symfony is prone to a local file-include vulnerability and an open-redirection vulnerability.
An attacker can exploit this issue to obtain potentially sensitive information and execute arbitrary local scripts and by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
These issues are fixed in:
Symfony 2.7.50, 2.8.49, 3.4.20, 4.0.15, 4.1.9 and 4.2.1.
Exploit / POC
Symfony Local File Include and Open Redirection Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Symfony Local File Include and Open Redirection Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Symfony Local File Include and Open Redirection Vulnerabilities
References:
References:
- CVE-2018-19789: Disclosure of uploaded files full path (Symfony)
- CVE-2018-19790: Open Redirect Vulnerability when using Security\Http (Symfony)
- Symfony Homepage (SensioLabs)