Lucene search

K

GoogleOSV:CVE-2018-11386

HistoryJun 13, 2018 - 4:29 p.m.

CVE-2018-11386

2018-06-1316:29:00

Google

osv.dev

6

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

77.7%

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/

symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler

www.debian.org/security/2018/dsa-4262

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

77.7%

Related for OSV:CVE-2018-11386

prion1 cve1 debiancve1 friendsofphp2 github1 veracode1 osv2 symfony1 nvd1 cvelist1 ubuntucve1 fedora6 nessus6 openvas5 debian1