Test ID: | 1.3.6.1.4.1.25623.1.0.112719 |
Category: | Web application abuses |
Title: | Symfony 4.4.x < 4.4.7, 5.0.x < 5.0.7 Multiple Vulnerabilities |
Summary: | Symfony is prone to multiple vulnerabilities. |
Description: |
Summary: Symfony is prone to multiple vulnerabilities.

Vulnerability Insight: The following vulnerabilities exist:

- When a Response does not contain a Content-Type header, Symfony falls back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and its Content-Type header. When the response is cached, this can lead to a corrupted cache where the cached format is not the right one (CVE-2020-5255)
- When a Firewall checks an access control rule (using the unanimous strategy), it iterates over all rule attributes and grants access only if all calls to the accessDecisionManager decide to grant access. A bug was introduced that prevents the check of the remaining attributes as soon as the accessDecisionManager decides to grant access on one attribute (CVE-2020-5275)

Affected Software/OS: Symfony versions 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6.

Solution: The issues have been fixed in Symfony 4.4.7 and 5.0.7.

CVSS Score: 5.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-5255
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/
https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
Common Vulnerability Exposure (CVE) ID: CVE-2020-5275 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |