Timing Attack Vulnerability in Symfony Framework by Symfony
CVE-2019-18887

8.1HIGH

Key Information:

Vendor

Sensiolabs

Status
Symfony
Vendor
CVE Published:
21 November 2019

What is CVE-2019-18887?

A timing attack vulnerability was identified in the Symfony Framework, affecting specific versions where the UriSigner component is susceptible. This flaw allows attackers to gain sensitive information through the manipulation of processing times. Upgrading to the fixed versions is essential to mitigate potential exploitation.

References

https://symfony.com/blog/symfony-4-3-8-released
x_refsource_CONFIRM
https://github.com/symfony/symfony/releases/tag/v4.3.8
x_refsource_CONFIRM
https://symfony.com/blog/cve-2019-18887-use-constant-time...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.