Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2012-5574
Last Modified 28 Dec 2012 12:00:00
Published 17 Dec 2012 08:55:06
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5574

Summary

lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.

Vulnerable Systems

Application

  • Sensiolabs Symfony 1.4.0

  • Sensiolabs Symfony 1.4.1

  • Sensiolabs Symfony 1.4.10

  • Sensiolabs Symfony 1.4.11

  • Sensiolabs Symfony 1.4.12

  • Sensiolabs Symfony 1.4.13

  • Sensiolabs Symfony 1.4.14

  • Sensiolabs Symfony 1.4.15

  • Sensiolabs Symfony 1.4.16

  • Sensiolabs Symfony 1.4.17

  • Sensiolabs Symfony 1.4.18

  • Sensiolabs Symfony 1.4.19

  • Sensiolabs Symfony 1.4.2

  • Sensiolabs Symfony 1.4.3

  • Sensiolabs Symfony 1.4.4

  • Sensiolabs Symfony 1.4.5

  • Sensiolabs Symfony 1.4.6

  • Sensiolabs Symfony 1.4.7

  • Sensiolabs Symfony 1.4.8

  • Sensiolabs Symfony 1.4.9


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=880240

MISC - https://bugs.gentoo.org/show_bug.cgi?id=444696

XF - symfony-unspecified-information-disclosure(80309)

BID - 56685

OSVDB - 87869

MLIST - [oss-security] 20121126 Re: CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges

CONFIRM - http://trac.symfony-project.org/changeset/33598

CONFIRM - http://symfony.com/blog/security-release-symfony-1-4-20-released

SECUNIA - 51372

FEDORA - FEDORA-2012-19195

FEDORA - FEDORA-2012-19235

FEDORA - FEDORA-2012-19076


Last Updated: 27 May 2016 11:01:28