Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2018-14773

Published: 03/08/2018 Updated: 29/09/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Subscribe to Sensiolabs

Vulnerability Summary

An issue exists in Http Foundation in Symfony 2.7.0 up to and including 2.7.48, 2.8.0 up to and including 2.8.43, 3.3.0 up to and including 3.3.17, 3.4.0 up to and including 3.4.13, 4.0.0 up to and including 4.0.13, and 4.1.0 up to and including 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \Symfony\Component\HttpFoundation\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sensiolabs symfony

debian debian linux 8.0

debian debian linux 9.0

drupal drupal

Vendor Advisories

Debian Security Advisories: DSA-4441-1 symfony -- security update
Multiple vulnerabilities were discovered in the Symfony PHP framework which could lead to cache bypass, authentication bypass, information disclosure, open redirect, cross-site request forgery, deletion of arbitrary files, or arbitrary code execution For the stable distribution (stretch), these problems have been fixed in version 287+dfsg-13+de ...
Arch Linux Issues:
Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header allows a user to access one URL but have Symfony return a different one which can bypass restrictions on higher level caches and web servers The fix drops support for these two obsolete IIS headers: X- ...

Github Repositories

https://github.com/michalbiesek/http-header-appscope

http-header-appscope This demo presents observability setup based on AppScope and Logstream used for detection Let's focus on simple client-server communication In context of control/observability we can say that: Component Can be observed by the Server side Is fully controlled by the Server side Client No No Client Request Yes No Server Response Yes Yes Serv

References

NVD-CWE-noinfohttps://www.drupal.org/SA-CORE-2018-005https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headershttps://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6bhttp://www.securitytracker.com/id/1041405http://www.securityfocus.com/bid/104943https://lists.debian.org/debian-lts-announce/2019/03/msg00009.htmlhttps://www.debian.org/security/2019/dsa-4441https://seclists.org/bugtraq/2019/May/21https://nvd.nist.govhttps://github.com/michalbiesek/http-header-appscopehttps://www.debian.org/security/2019/dsa-4441
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgeryCVE-2024-34351CVE-2024-1076CVE-2024-25522CVE-2024-34547CVE-2024-4644unauthorizedremoteCVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook