Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240806-05
HistoryAug 06, 2024 - 12:00 a.m.

ROS-20240806-05

2024-08-0600:00:00
redos.red-soft.ru
4
symfony
web platform
vulnerability
session management
remote attackers
csrf
disclosure
info protection

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

59.2%

JSON

A vulnerability in the AbstractSessionListener component of the Symfony web application development and management platform is related to an incorrect authorization procedure.
Symfony web application development and management platform is related to incorrect authorization procedure. Exploitation of the vulnerability could
allow an attacker acting remotely to gain access to a user’s session

A vulnerability in the Symfony web application development and management software platform is related to
incorrect session management. Exploitation of the vulnerability could allow an attacker acting remotely to perform CSR.
remotely to launch a CSRF attack

A vulnerability in the Symfony web application development and management software platform exists due to
failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker,
acting remotely, to disclose protected information, perform phishing and disk-loading attacks.
disk-loading

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64php-symfony4< 4.4.50-2UNKNOWN

Related

openvas 5
fedora 2
nessus 4
osv 11
debian 2
cvelist 3
ubuntucve 3
cve 3
vulnrichment 1
debiancve 3
veracode 3
github 3
prion 3
symfony 3
nvd 3
friendsofphp 6
openvas
openvas
Fedora: Security Advisory for php-symfony4 (FEDORA-2023-74b702f058)
2023-02-11 00:00:00
Fedora: Security Advisory for php-symfony4 (FEDORA-2023-aecde14648)
2023-02-11 00:00:00
Symfony Multiple Vulnerabilities (GHSA-h7vf-5wrv-9fhv, GHSA-3gv2-29qc-v67m)
2023-02-06 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: php-symfony4-4.4.50-1.fc36
2023-02-11 01:33:25
[SECURITY] Fedora 37 Update: php-symfony4-4.4.50-1.fc37
2023-02-11 00:33:03
nessus
nessus
Fedora 36 : php-symfony4 (2023-aecde14648)
2023-02-11 00:00:00
Fedora 37 : php-symfony4 (2023-74b702f058)
2023-02-11 00:00:00
Debian DLA-3493-1 : symfony - LTS security update
2023-07-12 00:00:00
osv
osv
symfony - security update
2023-07-11 00:00:00
BIT-symfony-2023-46734
2024-03-06 11:06:44
CVE-2023-46734
2023-11-10 18:15:09
debian
debian
[SECURITY] [DLA 3493-1] symfony security update
2023-07-11 23:19:27
[SECURITY] [DLA 3664-1] symfony security update
2023-11-24 18:22:20
cvelist
cvelist
CVE-2023-46734 Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
2023-11-10 17:49:55
CVE-2022-24894 Symfony storing cookie headers in HttpCache
2023-02-03 21:46:23
CVE-2022-24895 Symfony vulnerable to Session Fixation of CSRF tokens
2023-02-03 21:45:26
ubuntucve
ubuntucve
CVE-2023-46734
2023-11-10 00:00:00
CVE-2022-24894
2023-02-03 00:00:00
CVE-2022-24895
2023-02-03 00:00:00
cve
cve
CVE-2023-46734
2023-11-10 18:15:09
CVE-2022-24894
2023-02-03 22:15:10
CVE-2022-24895
2023-02-03 22:15:11
vulnrichment
vulnrichment
CVE-2023-46734 Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
2023-11-10 17:49:55
debiancve
debiancve
CVE-2022-24894
2023-02-03 22:15:10
CVE-2023-46734
2023-11-10 18:15:09
CVE-2022-24895
2023-02-03 22:15:11
veracode
veracode
Improper Authorization
2023-02-17 06:39:35
Cross Site Scripting (XSS)
2023-11-13 08:57:55
Session Fixation
2023-02-16 09:55:37
github
github
Symfony storing cookie headers in HttpCache
2023-02-01 18:48:09
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
2023-11-12 15:52:51
Symfony vulnerable to Session Fixation of CSRF tokens
2023-02-01 18:48:06
prion
prion
Design/Logic Flaw
2023-11-10 18:15:00
Design/Logic Flaw
2023-02-03 22:15:00
Cross site request forgery (csrf)
2023-02-03 22:15:00
symfony
symfony
CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
2023-11-10 00:00:00
CVE-2022-24894: Prevent storing cookie headers in HttpCache
2023-02-01 00:00:00
CVE-2022-24895: CSRF token fixation
2023-02-01 00:00:00
nvd
nvd
CVE-2023-46734
2023-11-10 18:15:09
CVE-2022-24894
2023-02-03 22:15:10
CVE-2022-24895
2023-02-03 22:15:11
friendsofphp
friendsofphp
CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
1970-01-01 00:00:00
CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
1970-01-01 00:00:00
CVE-2022-24894: Prevent storing cookie headers in HttpCache
2023-02-01 08:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

59.2%

JSON
Related for ROS-20240806-05
openvas5fedora2nessus4osv11debian2cvelist3ubuntucve3cve3vulnrichment1debiancve3veracode3github3prion3symfony3nvd3friendsofphp6