Related vulnerabilities

CNVD-2015-02822

Vulnerability from cnvd - Published: 2015-04-30
Title
Sensio Labs Symfony Security Bypass Vulnerability
Description
Sensio Labs Symfony is a free, MVC-based PHP development framework from the French company Sensio Labs. The framework provides commonly used functional components and tools and can be used to rapidly build complex web applications. Sensio Labs Symfony has a security bypass vulnerability: when handling HTTP requests, the program fails to correctly validate the remote address of the client connected to a trusted proxy. An attacker can exploit this vulnerability to carry out a man-in-the-middle attack and call restricted methods.
Severity
Patch Name
Patch for the Sensio Labs Symfony security bypass vulnerability
Patch Description
Sensio Labs Symfony is a free, MVC-based PHP development framework from the French company Sensio Labs. The framework provides commonly used functional components and tools and can be used to rapidly build complex web applications. Sensio Labs Symfony has a security bypass vulnerability: when handling HTTP requests, the program fails to correctly validate the remote address of the client connected to a trusted proxy. An attacker can exploit this vulnerability to carry out a man-in-the-middle attack and call restricted methods. The vendor has released a security advisory and related patch information that fixes this vulnerability.
Formal description

Users can refer to the following vendor security advisory for patch information: http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class

Reference
http://symfony.com/blog/cve-2015-2308-esi-code-injection
http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
Impacted products
Name
Sensio Labs Symfony 2.0.X
Sensio Labs Symfony 2.1.X
Sensio Labs Symfony 2.2.X
Sensio Labs Symfony 2.3.
Sensio Labs Symfony 2.4.X
Sensio Labs Symfony 2.5.X
Sensio Labs Symfony 2.6.X

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2309"
    }
  },
  "description": "Sensio Labs Symfony\u662f\u6cd5\u56fdSensio Labs\u516c\u53f8\u7684\u4e00\u5957\u514d\u8d39\u7684\u3001\u57fa\u4e8eMVC\u67b6\u6784\u7684PHP\u5f00\u53d1\u6846\u67b6\u3002\u8be5\u6846\u67b6\u63d0\u4f9b\u5e38\u7528\u7684\u529f\u80fd\u7ec4\u4ef6\u53ca\u5de5\u5177\uff0c\u53ef\u7528\u4e8e\u5feb\u901f\u521b\u5efa\u590d\u6742\u7684WEB\u7a0b\u5e8f\u3002\r\n\r\nSensio Labs Symfony\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u5904\u7406HTTP\u8bf7\u6c42\u65f6\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u4e0e\u53ef\u4fe1\u4ee3\u7406\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u7684\u8fdc\u7a0b\u5730\u5740\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u8c03\u7528\u53d7\u9650\u5236\u7684\u65b9\u6cd5\u3002",
  "discovererName": "Fabien Potencier",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02822",
  "openTime": "2015-04-30",
  "patchDescription": "Sensio Labs Symfony\u662f\u6cd5\u56fdSensio Labs\u516c\u53f8\u7684\u4e00\u5957\u514d\u8d39\u7684\u3001\u57fa\u4e8eMVC\u67b6\u6784\u7684PHP\u5f00\u53d1\u6846\u67b6\u3002\u8be5\u6846\u67b6\u63d0\u4f9b\u5e38\u7528\u7684\u529f\u80fd\u7ec4\u4ef6\u53ca\u5de5\u5177\uff0c\u53ef\u7528\u4e8e\u5feb\u901f\u521b\u5efa\u590d\u6742\u7684WEB\u7a0b\u5e8f\u3002 \r\n\r\nSensio Labs Symfony\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u5904\u7406HTTP\u8bf7\u6c42\u65f6\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u4e0e\u53ef\u4fe1\u4ee3\u7406\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u7684\u8fdc\u7a0b\u5730\u5740\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u8c03\u7528\u53d7\u9650\u5236\u7684\u65b9\u6cd5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sensio Labs Symfony\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Sensio Labs Symfony 2.0.X",
      "Sensio Labs Symfony  2.1.X",
      "Sensio Labs Symfony  2.2.X",
      "Sensio Labs Symfony  2.3.",
      "Sensio Labs Symfony  2.4.X",
      "Sensio Labs Symfony  2.5.X",
      "Sensio Labs Symfony  2.6.X"
    ]
  },
  "referenceLink": "http://symfony.com/blog/cve-2015-2308-esi-code-injection\r\nhttp://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-30",
  "title": "Sensio Labs Symfony\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GHSA-P684-F7FH-JV2J

Vulnerability from github – Published: 2024-05-30 00:42 – Updated: 2024-05-30 00:42
Summary
Symfony has unsafe methods in the Request class
Details

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpFoundation component are affected by this security issue.

This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they are not maintained anymore.

Description

The Symfony\Component\HttpFoundation\Request class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server.

The following methods are impacted: getPort(), isSecure(), getHost(), and getClientIps().

Resolution

All impacted methods now check that the remote address is trusted, which fixes the issue.

The patch for this issue is available at https://github.com/symfony/symfony/pull/14166.
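As an added illustration (not code from the advisory or from Symfony itself), the following Python model contrasts the pre-fix gate, which honours proxy headers whenever any trusted proxy is configured, with the fixed gate, which first requires REMOTE_ADDR itself to be a trusted proxy; the trusted range and both sample requests are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed sample deployment (not from the advisory): one reverse-proxy
# range is configured as trusted in front of the application server.
TRUSTED_PROXIES = ["10.0.0.0/8"]

def in_trusted_range(addr, trusted=TRUSTED_PROXIES):
    """True if addr lies inside any configured trusted-proxy network."""
    return any(ip_address(addr) in ip_network(cidr) for cidr in trusted)

def gate_vulnerable(remote_addr, trusted=TRUSTED_PROXIES):
    """Pre-fix gate: forwarded headers are honoured as soon as any trusted
    proxy is configured, whichever peer actually sent the request."""
    return bool(trusted)

def gate_fixed(remote_addr, trusted=TRUSTED_PROXIES):
    """Post-fix gate: the direct peer (REMOTE_ADDR) must itself be a
    trusted proxy before any forwarded header is believed."""
    return in_trusted_range(remote_addr, trusted)

def is_secure(server, gate):
    """Model of Request::isSecure(): honour X-Forwarded-Proto only when the
    gate allows it, otherwise fall back to the server's own HTTPS flag."""
    proto = server.get("HTTP_X_FORWARDED_PROTO")
    if proto and gate(server["REMOTE_ADDR"]):
        return proto.split(",")[0].strip().lower() in ("https", "on", "ssl", "1")
    return server.get("HTTPS", "off").lower() not in ("off", "")

def client_ips(server, gate):
    """Model of Request::getClientIps(): walk X-Forwarded-For plus the peer,
    drop trusted proxies and return the remaining chain nearest-hop first."""
    peer = server["REMOTE_ADDR"]
    xff = server.get("HTTP_X_FORWARDED_FOR")
    if not xff or not gate(peer):
        return [peer]
    chain = [hop.strip() for hop in xff.split(",")] + [peer]
    untrusted = [ip for ip in chain if not in_trusted_range(ip)]
    return list(reversed(untrusted)) if untrusted else [chain[0]]

# Constructed requests: the same forwarded headers sent by a peer that is not
# the trusted proxy (the position the advisory's man-in-the-middle holds),
# and sent through the trusted proxy as a legitimate deployment would.
DIRECT_PEER = {"REMOTE_ADDR": "192.0.2.9", "HTTPS": "off",
               "HTTP_X_FORWARDED_PROTO": "https",
               "HTTP_X_FORWARDED_FOR": "198.51.100.1"}
VIA_PROXY = dict(DIRECT_PEER, REMOTE_ADDR="10.0.0.5")
```

With the vulnerable gate, DIRECT_PEER is reported as secure and its forwarded address enters the client chain; with the fixed gate only the request that really arrived via 10.0.0.5 has its headers honoured.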


{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/http-foundation"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.3.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/http-foundation"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.5.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/http-foundation"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.3.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.5.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-2309"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-30T00:42:18Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpFoundation component are affected by this security issue.\n\nThis issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they are not maintained anymore.\n\n### Description\nThe Symfony\\Component\\HttpFoundation\\Request class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server.\n\nThe following methods are impacted: getPort(), isSecure(), and getHost(), and getClientIps().\n\n### Resolution\nAll impacted methods now check that the remote address is trusted, which fixes the issue.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/pull/14166).",
  "id": "GHSA-p684-f7fh-jv2j",
  "modified": "2024-05-30T00:42:18Z",
  "published": "2024-05-30T00:42:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/pull/14166"
    },
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"
    },
    {
      "type": "WEB",
      "url": "https://symfony.com/cve-2015-2309"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Symfony has unsafe methods in the Request class"
}

GSD-2015-2309

Vulnerability from gsd - Updated: 2023-12-13 01:20
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases

{
  "GSD": {
    "alias": "CVE-2015-2309",
    "id": "GSD-2015-2309"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2309"
      ],
      "id": "GSD-2015-2309",
      "modified": "2023-12-13T01:20:00.946678Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-2309",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.3.27||\u003e=2.4.0-alpha,\u003c2.5.11||\u003e=2.6.0-alpha,\u003c2.6.6",
          "affected_versions": "All versions before 2.3.27, all versions starting from 2.4.0-alpha before 2.5.11, all versions starting from 2.6.0-alpha before 2.6.6",
          "credit": "Dmitrii Chekaliuk, James Gilliland",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2015-04-01",
          "description": "The `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.",
          "fixed_versions": [
            "v2.3.27",
            "v2.5.11",
            "v2.6.6"
          ],
          "identifier": "CVE-2015-2309",
          "identifiers": [
            "CVE-2015-2309"
          ],
          "not_impacted": "All versions starting from 2.3.27 before 2.4.0-alpha, all versions starting from 2.5.11 before 2.6.0-alpha, all versions starting from 2.6.6",
          "package_slug": "packagist/symfony/http-foundation",
          "pubdate": "2015-04-01",
          "solution": "Upgrade to versions v2.3.27, v2.5.11, v2.6.6 or above.",
          "title": "Unsafe methods in the Request class",
          "urls": [
            "http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"
          ],
          "uuid": "d10d7c08-88ee-457a-9502-a8f8f340cbb0"
        },
        {
          "affected_range": "\u003c2.3.27||\u003e=2.4.0-alpha,\u003c2.5.11||\u003e=2.6.0-alpha,\u003c2.6.6",
          "affected_versions": "All versions before 2.3.27, all versions starting from 2.4.0-alpha before 2.5.11, all versions starting from 2.6.0-alpha before 2.6.6",
          "credit": "Dmitrii Chekaliuk, James Gilliland",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2015-04-01",
          "description": "The `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.",
          "fixed_versions": [
            "v2.3.27",
            "v2.5.11",
            "v2.6.6"
          ],
          "identifier": "CVE-2015-2309",
          "identifiers": [
            "CVE-2015-2309"
          ],
          "not_impacted": "All versions starting from 2.3.27 before 2.4.0-alpha, all versions starting from 2.5.11 before 2.6.0-alpha, all versions starting from 2.6.6",
          "package_slug": "packagist/symfony/symfony",
          "pubdate": "2015-04-01",
          "solution": "Upgrade to versions v2.3.27, v2.5.11, v2.6.6 or above.",
          "title": "Unsafe methods in the Request class",
          "urls": [
            "http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"
          ],
          "uuid": "ff5e0b58-386e-4243-b0bf-ce4059e25567"
        }
      ]
    }
  }
}