Open Redirect Vulnerability in Symfony Web Application Framework
CVE-2017-16652

6.1MEDIUM

Key Information:

Vendor: Sensiolabs
Status: Symfony
Vendor: CVE Published:; 13 June 2018

What is CVE-2017-16652?

An issue in the Symfony framework affects multiple versions, where the DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler processes the _target_path parameter without proper validation. This oversight permits an attacker to redirect users to arbitrary external domains, facilitating phishing schemes and potentially compromising sensitive information. It is crucial for users of affected Symfony versions to apply security updates to mitigate this risk.

References

https://symfony.com/blog/cve-2017-16652-open-redirect-vul...

x_refsource_CONFIRM

https://lists.debian.org/debian-lts-announce/2019/03/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 13, 2018
Vulnerability Reserved
Nov 7, 2017

JSON

Sensiolabs

What is CVE-2017-16652?

References

CVSS V3.1

Timeline