CVE-2013-4752
Last modified
CVE-2013-4752 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. EPSS estimates a 2.31% chance of exploitation in the next 30 days.
Description
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sensiolabs | Symfony | >= 2.0.0, < 2.0.24 |
| Sensiolabs | Symfony | >= 2.1.0, < 2.1.12 |
| Sensiolabs | Symfony | >= 2.2.0, < 2.2.5 |
| Sensiolabs | Symfony | >= 2.3.0, < 2.3.3 |
| Fedoraproject | Fedora | 18 |
| Fedoraproject | Fedora | 19 |
References
- http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/61715 (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752 (Issue Tracking, Patch, Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86365 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86366 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86367 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86368 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86369 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86370 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86371 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86372 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86373 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86374 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
