Vulnerability in Symfony HttpFoundation component affects multiple versions
CVE-2013-4752

6.1 MEDIUM

Key Information:

Vendor: Sensiolabs

Status
Vendor
CVE Published: 2 January 2020

What is CVE-2013-4752?

The HttpFoundation component of the Symfony framework is, in specific versions, vulnerable to Host header manipulation. An attacker can exploit this issue when the framework generates absolute URLs, potentially injecting malicious content into web application pages. This manipulation can lead to various attack vectors that compromise the security and integrity of the web application. Users of affected Symfony versions should apply the necessary updates to mitigate the risks linked to this vulnerability.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
