
Test ID:1.3.6.1.4.1.25623.1.0.112719
Category:Web application abuses
Title:Symfony 4.4.x < 4.4.7, 5.0.x < 5.0.7 Multiple Vulnerabilities
Summary:Symfony is prone to multiple vulnerabilities.
Description:Summary:
Symfony is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- When a Response does not contain a Content-Type header, Symfony falls back to the format defined
in the Accept header of the request, leading to a possible mismatch between the response's content
and its Content-Type header. When the response is cached, this can lead to a corrupted cache where the
cached format is not the right one (CVE-2020-5255).

- When a Firewall checks an access control rule (using the unanimous strategy), it iterates over
all rule attributes and grants access only if all calls to the accessDecisionManager decide to grant access.

A bug was introduced that stops the check of the remaining attributes as soon as the
accessDecisionManager decides to grant access on one attribute (CVE-2020-5275).
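
The unanimous-strategy defect described above, modelled as an added example (not Symfony's code and not part of this test): a simplified decision manager with a single role voter, in its intended form beside a variant that short-circuits after the first granted attribute, plus the regression check a defender would keep in a test suite. The voter, token layout, and rule are constructed for illustration.

```python
from typing import Callable, Iterable, List

# Vote values as a Symfony-style voter would return them (constructed model).
ACCESS_GRANTED, ACCESS_DENIED, ACCESS_ABSTAIN = 1, -1, 0
Voter = Callable[[dict, str], int]  # voter(token, attribute) -> vote


def role_voter(token: dict, attribute: str) -> int:
    """Votes only on ROLE_* attributes; abstains on everything else."""
    if not attribute.startswith("ROLE_"):
        return ACCESS_ABSTAIN
    return ACCESS_GRANTED if attribute in token["roles"] else ACCESS_DENIED


def decide_unanimous(voters: Iterable[Voter], token: dict, attributes: List[str],
                     allow_if_all_abstain: bool = False) -> bool:
    """Unanimous strategy as the rule intends: every attribute is checked, one deny vetoes."""
    grants = 0
    for attribute in attributes:
        for voter in voters:
            vote = voter(token, attribute)
            if vote == ACCESS_DENIED:
                return False
            if vote == ACCESS_GRANTED:
                grants += 1
    return grants > 0 or allow_if_all_abstain


def decide_unanimous_buggy(voters: Iterable[Voter], token: dict, attributes: List[str],
                           allow_if_all_abstain: bool = False) -> bool:
    """Model of the CVE-2020-5275 defect: stops once one attribute has been granted."""
    grants = 0
    for attribute in attributes:
        for voter in voters:
            vote = voter(token, attribute)
            if vote == ACCESS_DENIED:
                return False
            if vote == ACCESS_GRANTED:
                grants += 1
        if grants > 0:  # defect: the remaining attributes are never evaluated
            return True
    return allow_if_all_abstain


def regression_check(decide) -> bool:
    """True when `decide` correctly denies a token holding only the first required role.
    Constructed sample: the access control rule requires both ROLE_USER and ROLE_ADMIN."""
    token = {"roles": ["ROLE_USER"]}
    rule = ["ROLE_USER", "ROLE_ADMIN"]
    return decide([role_voter], token, rule) is False


if __name__ == "__main__":
    print("fixed manager denies partial roles:", regression_check(decide_unanimous))
    print("buggy manager denies partial roles:", regression_check(decide_unanimous_buggy))
```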

Affected Software/OS:
Symfony versions 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6.

Solution:
The issues have been fixed in Symfony 4.4.7 and 5.0.7.

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-5255
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/
https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
Common Vulnerability Exposure (CVE) ID: CVE-2020-5275
Copyright:Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.