Lucene search
Veracode Vulnerability DatabaseVERACODE:4708HistoryJul 26, 2017 - 9:16 p.m.
Denial Of Service (DoS)
2017-07-2621:16:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.01 Low
EPSS
Percentile
84.0%
Symfony is vulnerable to denial of service (DoS) attacks. The library does not limit the length of usernames stored in a session. A malicious user can pass multiple long, non-existent usernames to the system to cause it to run out of storage. This can lead to the authentication service being unavailable for use.
| CPE | Name | Operator | Version |
|---|---|---|---|
| symfony/symfony | le | 2.3.40 | |
| symfony/symfony | le | 3.0.5 | |
| symfony/symfony | le | 2.7.12 | |
| symfony/symfony | le | 2.6.13 | |
| symfony/symfony | le | 2.2.11 | |
| symfony/symfony | le | 2.8.5 |
Related
friendsofphp
friendsofphp
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
nvd
nvd
CVE-2016-4423
2016-06-01 22:59:02
cvelist
cvelist
CVE-2016-4423
2016-06-01 22:00:00
debiancve
debiancve
CVE-2016-4423
2016-06-01 22:59:02
prion
prion
Authentication flaw
2016-06-01 22:59:00
symfony
symfony
CVE-2016-4423: Large username storage in session
2016-05-09 00:00:00
osv
osv
Symphony Denial of Service Via Overlong Usernames
2022-05-17 03:54:47
symfony - security update
2016-05-29 00:00:00
github
github
Symphony Denial of Service Via Overlong Usernames
2022-05-17 03:54:47
cve
cve
CVE-2016-4423
2016-06-01 22:59:02
ubuntucve
ubuntucve
CVE-2016-4423
2016-06-01 00:00:00
debian
debian
[SECURITY] [DSA 3588-1] symfony security update
2016-05-29 17:53:59
[SECURITY] [DSA 3588-1] symfony security update
2016-05-29 17:53:59
nessus
nessus
Debian DSA-3588-1 : symfony - security update
2016-05-31 00:00:00
openvas
openvas
Debian Security Advisory DSA 3588-1 (symfony - security update)
2016-05-29 00:00:00
Debian: Security Advisory (DSA-3588-1)
2016-05-28 00:00:00