Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2016-4423
HistoryJun 01, 2016 - 12:00 a.m.

CVE-2016-4423

2016-06-0100:00:00
ubuntu.com
ubuntu.com
20

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.01 Low

EPSS

Percentile

84.0%

JSON

The attemptAuthentication function in
Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and
3.0.x before 3.0.6 does not limit the length of a username stored in a
session, which allows remote attackers to cause a denial of service
(session storage consumption) via a series of authentication attempts with
long, non-existent usernames.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchsymfony< anyUNKNOWN

Related

friendsofphp 3
nvd 1
cvelist 1
debiancve 1
prion 1
veracode 1
symfony 1
github 1
cve 1
osv 2
nessus 1
openvas 2
debian 2
friendsofphp
friendsofphp
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
nvd
nvd
CVE-2016-4423
2016-06-01 22:59:02
cvelist
cvelist
CVE-2016-4423
2016-06-01 22:00:00
debiancve
debiancve
CVE-2016-4423
2016-06-01 22:59:02
prion
prion
Authentication flaw
2016-06-01 22:59:00
veracode
veracode
Denial Of Service (DoS)
2017-07-26 21:16:09
symfony
symfony
CVE-2016-4423: Large username storage in session
2016-05-09 00:00:00
github
github
Symphony Denial of Service Via Overlong Usernames
2022-05-17 03:54:47
cve
cve
CVE-2016-4423
2016-06-01 22:59:02
osv
osv
Symphony Denial of Service Via Overlong Usernames
2022-05-17 03:54:47
symfony - security update
2016-05-29 00:00:00
nessus
nessus
Debian DSA-3588-1 : symfony - security update
2016-05-31 00:00:00
openvas
openvas
Debian Security Advisory DSA 3588-1 (symfony - security update)
2016-05-29 00:00:00
Debian: Security Advisory (DSA-3588-1)
2016-05-28 00:00:00
debian
debian
[SECURITY] [DSA 3588-1] symfony security update
2016-05-29 17:53:59
[SECURITY] [DSA 3588-1] symfony security update
2016-05-29 17:53:59

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.01 Low

EPSS

Percentile

84.0%

JSON
Related for UB:CVE-2016-4423
friendsofphp3nvd1cvelist1debiancve1prion1veracode1symfony1github1cve1osv2nessus1openvas2debian2