Executive Summary
Summary | |
---|---|
Title | symfony security update |
Informations | |||
---|---|---|---|
Name | DSA-3402 | First vendor Publication | 2015-11-24 |
Vendor | Debian | Last vendor Modification | 2015-11-24 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8124 The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within the "Remember Me" login feature, allowing an attacker to impersonate the victim towards the web application if the session id value was previously known to the attacker. CVE-2015-8125 Several potential remote timing attack vulnerabilities were discovered in classes from the Symfony Security component and in the legacy CSRF implementation from the Symfony Form component. For the stable distribution (jessie), these problems have been fixed in version 2.3.21+dfsg-4+deb8u2. For the unstable distribution (sid), these problems have been fixed in version 2.7.7+dfsg-1. We recommend that you upgrade your symfony packages. |
Original Source
Url : http://www.debian.org/security/2015/dsa-3402 |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2015-0b89738311.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2015-0efcb5fbc5.nasl - Type : ACT_GATHER_INFO |
2015-11-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3402.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-03-10 05:28:17 |
|
2016-03-09 21:29:15 |
|
2016-03-03 00:24:56 |
|
2015-12-09 00:28:45 |
|
2015-12-08 00:29:40 |
|
2015-11-26 13:27:35 |
|
2015-11-24 21:26:06 |
|