Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6432

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-6432
Last Modified 27 Dec 2012 03:03:30
Published 27 Dec 2012 06:47:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6432

Summary

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.

Vulnerable Systems

Application

  • Sensiolabs Symfony 2.0.0

  • Sensiolabs Symfony 2.0.1

  • Sensiolabs Symfony 2.0.10

  • Sensiolabs Symfony 2.0.11

  • Sensiolabs Symfony 2.0.12

  • Sensiolabs Symfony 2.0.13

  • Sensiolabs Symfony 2.0.14

  • Sensiolabs Symfony 2.0.15

  • Sensiolabs Symfony 2.0.16

  • Sensiolabs Symfony 2.0.17

  • Sensiolabs Symfony 2.0.18

  • Sensiolabs Symfony 2.0.19

  • Sensiolabs Symfony 2.0.2

  • Sensiolabs Symfony 2.0.20

  • Sensiolabs Symfony 2.0.3

  • Sensiolabs Symfony 2.0.4

  • Sensiolabs Symfony 2.0.5

  • Sensiolabs Symfony 2.0.6

  • Sensiolabs Symfony 2.0.7

  • Sensiolabs Symfony 2.0.8

  • Sensiolabs Symfony 2.0.9

  • Sensiolabs Symfony 2.1.0

  • Sensiolabs Symfony 2.1.1

  • Sensiolabs Symfony 2.1.2

  • Sensiolabs Symfony 2.1.3

  • Sensiolabs Symfony 2.2


References

CONFIRM - http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released


Last Updated: 27 May 2016 11:01:30