Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-1707-1:A69DA
HistoryMar 10, 2019 - 1:19 a.m.

[SECURITY] [DLA 1707-1] symfony security update

2019-03-1001:19:23
lists.debian.org
184

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.878 High

EPSS

Percentile

98.7%

JSON

Package : symfony
Version : 2.3.21+dfsg-4+deb8u4
CVE ID : CVE-2017-16652 CVE-2017-16654 CVE-2018-11385 CVE-2018-11408
CVE-2018-14773 CVE-2018-19789 CVE-2018-19790

Several security vulnerabilities have been discovered in symfony, a PHP
web application framework. Numerous symfony components are affected:
Security, bundle readers, session handling, SecurityBundle,
HttpFoundation, Form, and Security\Http.

The corresponding upstream advisories contain further details:

[CVE-2017-16652]
https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers

[CVE-2017-16654]
https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths

[CVE-2018-11385]
https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication

[CVE-2018-11408]
https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers

[CVE-2018-14773]
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers

[CVE-2018-19789]
https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path

[CVE-2018-19790]
https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http

For Debian 8 "Jessie", these problems have been fixed in version
2.3.21+dfsg-4+deb8u4.

We recommend that you upgrade your symfony packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8allphp-symfony-security-bundle<ย 2.3.21+dfsg-4+deb8u4php-symfony-security-bundle_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-doctrine-bridge<ย 2.3.21+dfsg-4+deb8u4php-symfony-doctrine-bridge_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-security<ย 2.3.21+dfsg-4+deb8u4php-symfony-security_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-http-kernel<ย 2.3.21+dfsg-4+deb8u4php-symfony-http-kernel_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-browser-kit<ย 2.3.21+dfsg-4+deb8u4php-symfony-browser-kit_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-twig-bundle<ย 2.3.21+dfsg-4+deb8u4php-symfony-twig-bundle_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-class-loader<ย 2.3.21+dfsg-4+deb8u4php-symfony-class-loader_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-framework-bundle<ย 2.3.21+dfsg-4+deb8u4php-symfony-framework-bundle_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-stopwatch<ย 2.3.21+dfsg-4+deb8u4php-symfony-stopwatch_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-console<ย 2.3.21+dfsg-4+deb8u4php-symfony-console_2.3.21+dfsg-4+deb8u4_all.deb
Rows per page:
1-10 of 401

Related

osv 17
openvas 27
nessus 21
fedora 21
cvelist 7
nvd 7
debiancve 7
symfony 7
veracode 7
cve 7
prion 7
ubuntucve 7
github 7
debian 3
friendsofphp 18
redhatcve 1
drupal 2
thn 1
ibm 1
osv
osv
symfony - security update
2019-03-09 00:00:00
Symfony Open Redirect
2022-05-14 01:21:15
CVE-2018-11408
2018-06-13 16:29:01
openvas
openvas
Debian: Security Advisory (DLA-1707-1)
2019-03-10 00:00:00
Fedora Update for php-symfony FEDORA-2018-8c06b6defd
2018-12-18 00:00:00
Fedora Update for php-symfony3 FEDORA-2018-66547a8c14
2018-12-18 00:00:00
nessus
nessus
Debian DLA-1707-1 : symfony security update
2019-03-11 00:00:00
Fedora 28 : php-symfony3 (2018-66547a8c14)
2019-01-03 00:00:00
Fedora 28 : php-symfony4 (2018-6edf04d9d6)
2019-01-03 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: php-symfony3-3.4.20-1.fc28
2018-12-17 02:28:10
[SECURITY] Fedora 28 Update: php-symfony-2.8.49-1.fc28
2018-12-17 02:28:11
[SECURITY] Fedora 28 Update: php-symfony4-4.0.15-1.fc28
2018-12-17 02:28:12
cvelist
cvelist
CVE-2018-11408
2018-06-13 16:00:00
CVE-2017-16654
2018-08-06 21:00:00
CVE-2018-19790
2018-12-18 22:00:00
nvd
nvd
CVE-2018-11408
2018-06-13 16:29:01
CVE-2017-16654
2018-08-06 21:29:00
CVE-2017-16652
2018-06-13 16:29:00
debiancve
debiancve
CVE-2018-11408
2018-06-13 16:29:01
CVE-2017-16654
2018-08-06 21:29:00
CVE-2018-11385
2018-06-13 16:29:00
symfony
symfony
CVE-2018-11408: Open redirect vulnerability on security handlers
2018-05-25 00:00:00
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-17 00:00:00
CVE-2018-19789: Disclosure of uploaded files full path
2018-12-06 00:00:00
veracode
veracode
Open Redirect
2018-06-14 03:06:14
Directory Traversal
2017-11-21 06:26:16
Open Redirect
2018-12-19 01:52:36
cve
cve
CVE-2018-11408
2018-06-13 16:29:01
CVE-2017-16652
2018-06-13 16:29:00
CVE-2017-16654
2018-08-06 21:29:00
prion
prion
Open redirect
2018-06-13 16:29:00
Directory traversal
2018-08-06 21:29:00
Session fixation
2018-06-13 16:29:00
ubuntucve
ubuntucve
CVE-2018-11408
2018-06-13 00:00:00
CVE-2017-16654
2018-08-06 00:00:00
CVE-2018-11385
2018-06-13 00:00:00
github
github
Symfony Open Redirect
2022-05-14 01:21:15
Symfony Directory Traversal
2022-05-14 01:21:16
Symfony Session Fixation Vulnerability
2022-05-14 01:22:27
debian
debian
[SECURITY] [DSA 4441-1] symfony security update
2019-05-10 06:26:19
[SECURITY] [DSA 4441-1] symfony security update
2019-05-10 06:26:19
[SECURITY] [DSA 4262-1] symfony security update
2018-08-03 16:32:58
friendsofphp
friendsofphp
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-16 15:15:44
CVE-2018-11385: Session Fixation Issue for Guard Authentication
2018-05-25 11:46:22
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-16 15:15:44
redhatcve
redhatcve
CVE-2017-16654
2022-05-20 23:43:31
drupal
drupal
Drupal Core - 3rd-party libraries -SA-CORE-2018-005
2018-08-01 00:00:00
Drupal Core - 3rd-party libraries -SA-CORE-2018-005
2018-08-01 00:00:00
thn
thn
Symfony Flaw Leaves Drupal Sites Vulnerable to Hackersโ€”Patch Now
2018-08-03 11:13:00
ibm
ibm
Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773)
2018-08-23 16:19:33

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.878 High

EPSS

Percentile

98.7%

JSON
Related for DEBIAN:DLA-1707-1:A69DA
osv17openvas27nessus21fedora21cvelist7nvd7debiancve7symfony7veracode7cve7prion7ubuntucve7github7debian3friendsofphp18redhatcve1drupal2thn1ibm1