FKIE_CVE-2017-16654

Vulnerability from fkie_nvd - Published: 2018-08-06 21:29 - Updated: 2024-11-21 03:16
Severity
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal.
References
cve@mitre.orghttps://github.com/symfony/symfony/pull/24994Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/03/msg00009.htmlThird Party Advisory
cve@mitre.orghttps://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-pathsIssue Tracking, Vendor Advisory
cve@mitre.orghttps://www.debian.org/security/2018/dsa-4262Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/symfony/symfony/pull/24994Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00009.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-pathsIssue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4262Third Party Advisory
Impacted products
Vendor Product Version
sensiolabs symfony *
sensiolabs symfony *
sensiolabs symfony *
sensiolabs symfony *
debian debian_linux 8.0
debian debian_linux 9.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B84DB7E-B758-4D6A-B10B-AE602F172EC0",
              "versionEndIncluding": "2.7.37",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E4D371-1EC1-49A7-BED2-F9C36E8C5BB4",
              "versionEndIncluding": "3.2.13",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49BB635A-5911-4DB0-A75C-D73EBC772283",
              "versionEndIncluding": "3.3.12",
              "versionStartIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B081CEE-9990-48CE-9ED2-06CBB6F977EA",
              "versionEndIncluding": "3.8.30",
              "versionStartIncluding": "3.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Symfony en versiones anteriores a la 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5 y 4.0-BETA5. El componente Intl incluye varios lectores bundle que se emplean para leer bundles de recursos desde el sistema de archivos local. Los m\u00e9todos read() de estas clases emplean una ruta y una locale para determinar qu\u00e9 bundle de idioma deben recuperar. El valor del argumento locale suele recuperarse desde entradas de usuario no fiables (como un par\u00e1metro URL). Un atacante puede emplear este argumento para navegar a directorios arbitrarios mediante el ataque dot-dot-slash (punto-punto-barra), tambi\u00e9n conocido como salto de directorio."
    }
  ],
  "id": "CVE-2017-16654",
  "lastModified": "2024-11-21T03:16:46.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-06T21:29:00.330",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/symfony/symfony/pull/24994"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/symfony/symfony/pull/24994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4262"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.