Lucene search
HistoryJun 24, 2015 - 10:59 a.m.
CVE-2015-2308
cve-2015-2308
eval injection
httpcache class
symfony
remote code execution
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.1%
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language=“php” attribute of a SCRIPT element.
Affected configurations
Node
sensiolabssymfonyMatch2.0.0
ORsensiolabssymfonyMatch2.0.1
ORsensiolabssymfonyMatch2.0.2
ORsensiolabssymfonyMatch2.0.3
ORsensiolabssymfonyMatch2.0.4
ORsensiolabssymfonyMatch2.0.5
ORsensiolabssymfonyMatch2.0.6
ORsensiolabssymfonyMatch2.0.7
ORsensiolabssymfonyMatch2.0.8
ORsensiolabssymfonyMatch2.0.9
ORsensiolabssymfonyMatch2.0.10
ORsensiolabssymfonyMatch2.0.11
ORsensiolabssymfonyMatch2.0.12
ORsensiolabssymfonyMatch2.0.13
ORsensiolabssymfonyMatch2.0.14
ORsensiolabssymfonyMatch2.0.15
ORsensiolabssymfonyMatch2.0.16
ORsensiolabssymfonyMatch2.0.17
ORsensiolabssymfonyMatch2.0.18
ORsensiolabssymfonyMatch2.0.19
ORsensiolabssymfonyMatch2.0.20
ORsensiolabssymfonyMatch2.0.21
ORsensiolabssymfonyMatch2.0.22
ORsensiolabssymfonyMatch2.1.0
ORsensiolabssymfonyMatch2.1.1
ORsensiolabssymfonyMatch2.1.2
ORsensiolabssymfonyMatch2.1.3
ORsensiolabssymfonyMatch2.1.4
ORsensiolabssymfonyMatch2.1.5
ORsensiolabssymfonyMatch2.1.6
ORsensiolabssymfonyMatch2.1.7
ORsensiolabssymfonyMatch2.2.0
ORsensiolabssymfonyMatch2.2.1
ORsensiolabssymfonyMatch2.2.2
ORsensiolabssymfonyMatch2.2.3
ORsensiolabssymfonyMatch2.2.4
ORsensiolabssymfonyMatch2.2.5
ORsensiolabssymfonyMatch2.2.6
ORsensiolabssymfonyMatch2.2.8
ORsensiolabssymfonyMatch2.2.9
ORsensiolabssymfonyMatch2.2.10
ORsensiolabssymfonyMatch2.2.11
ORsensiolabssymfonyMatch2.3.19
ORsensiolabssymfonyMatch2.3.20
ORsensiolabssymfonyMatch2.3.21
ORsensiolabssymfonyMatch2.3.22
ORsensiolabssymfonyMatch2.3.23
ORsensiolabssymfonyMatch2.3.24
ORsensiolabssymfonyMatch2.3.25
ORsensiolabssymfonyMatch2.3.26
ORsensiolabssymfonyMatch2.4.1
ORsensiolabssymfonyMatch2.4.2
ORsensiolabssymfonyMatch2.4.3
ORsensiolabssymfonyMatch2.4.4
ORsensiolabssymfonyMatch2.4.5
ORsensiolabssymfonyMatch2.4.6
ORsensiolabssymfonyMatch2.4.7
ORsensiolabssymfonyMatch2.4.8
ORsensiolabssymfonyMatch2.4.9
ORsensiolabssymfonyMatch2.4.10
ORsensiolabssymfonyMatch2.5.1
ORsensiolabssymfonyMatch2.5.2
ORsensiolabssymfonyMatch2.5.3
ORsensiolabssymfonyMatch2.5.4
ORsensiolabssymfonyMatch2.5.5
ORsensiolabssymfonyMatch2.5.6
ORsensiolabssymfonyMatch2.5.7
ORsensiolabssymfonyMatch2.5.8
ORsensiolabssymfonyMatch2.5.9
ORsensiolabssymfonyMatch2.5.10
ORsensiolabssymfonyMatch2.6.0
ORsensiolabssymfonyMatch2.6.1
ORsensiolabssymfonyMatch2.6.3
ORsensiolabssymfonyMatch2.6.4
ORsensiolabssymfonyMatch2.6.5
Related
ubuntucve
ubuntucve
CVE-2015-2308
2015-06-24 00:00:00
nvd
nvd
CVE-2015-2308
2015-06-24 10:59:01
symfony
symfony
CVE-2015-2308: Esi Code Injection
2015-04-01 00:00:00
friendsofphp
friendsofphp
Esi Code Injection
2015-04-01 18:55:26
Esi Code Injection
2015-04-01 18:55:26
github
github
Symfony Vulnerable to PHP Eval Injection
2022-05-17 03:34:11
debiancve
debiancve
CVE-2015-2308
2015-06-24 10:59:01
prion
prion
Sql injection
2015-06-24 10:59:00
osv
osv
Symfony Vulnerable to PHP Eval Injection
2022-05-17 03:34:11
cvelist
cvelist
CVE-2015-2308
2015-06-24 10:00:00
jvn
jvn
JVN#19578958: Symfony vulnerable to code injection
2015-06-23 00:00:00
veracode
veracode
Arbitrary Code Injection
2017-07-28 08:49:25
openvas
openvas
Fedora Update for php-symfony FEDORA-2015-5504
2015-07-07 00:00:00
Fedora Update for php-symfony FEDORA-2015-5457
2015-04-19 00:00:00
Fedora Update for php-symfony FEDORA-2015-9039
2015-06-09 00:00:00
nessus
nessus
Fedora 22 : php-symfony-2.5.11-1.fc22 (2015-5504)
2015-04-22 00:00:00
Fedora 20 : php-symfony-2.5.11-1.fc20 (2015-5464)
2015-04-20 00:00:00
Fedora 21 : php-symfony-2.5.11-1.fc21 (2015-5457)
2015-04-20 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-symfony-2.5.11-1.fc22
2015-04-21 18:53:37
[SECURITY] Fedora 21 Update: php-symfony-2.5.11-1.fc21
2015-04-18 09:34:37
[SECURITY] Fedora 21 Update: php-symfony-2.5.12-1.fc21
2015-06-06 00:05:41
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.1%
Related for CVE-2015-2308