Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2012-6431
Last Modified 07 Jan 2013 12:00:00
Published 27 Dec 2012 06:47:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-6431

Summary

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

Vulnerable Systems

Application

  • Sensiolabs Symfony 2.0.0

  • Sensiolabs Symfony 2.0.1

  • Sensiolabs Symfony 2.0.10

  • Sensiolabs Symfony 2.0.11

  • Sensiolabs Symfony 2.0.12

  • Sensiolabs Symfony 2.0.13

  • Sensiolabs Symfony 2.0.14

  • Sensiolabs Symfony 2.0.15

  • Sensiolabs Symfony 2.0.16

  • Sensiolabs Symfony 2.0.17

  • Sensiolabs Symfony 2.0.18

  • Sensiolabs Symfony 2.0.19

  • Sensiolabs Symfony 2.0.2

  • Sensiolabs Symfony 2.0.3

  • Sensiolabs Symfony 2.0.4

  • Sensiolabs Symfony 2.0.5

  • Sensiolabs Symfony 2.0.6

  • Sensiolabs Symfony 2.0.7

  • Sensiolabs Symfony 2.0.8

  • Sensiolabs Symfony 2.0.9


References

CONFIRM - http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released


Last Updated: 27 May 2016 11:01:30