Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2012-6431
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-6431

2022-10-0316:15:28
CWE-264
[email protected]
web.nvd.nist.gov
27
symfony
url encoding
security
remote attackers
bypass
vulnerability
nvd
cve-2012-6431

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.2%

JSON

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

Affected configurations

NVD
Node
sensiolabssymfonyMatch2.0.0
OR
sensiolabssymfonyMatch2.0.1
OR
sensiolabssymfonyMatch2.0.2
OR
sensiolabssymfonyMatch2.0.3
OR
sensiolabssymfonyMatch2.0.4
OR
sensiolabssymfonyMatch2.0.5
OR
sensiolabssymfonyMatch2.0.6
OR
sensiolabssymfonyMatch2.0.7
OR
sensiolabssymfonyMatch2.0.8
OR
sensiolabssymfonyMatch2.0.9
OR
sensiolabssymfonyMatch2.0.10
OR
sensiolabssymfonyMatch2.0.11
OR
sensiolabssymfonyMatch2.0.12
OR
sensiolabssymfonyMatch2.0.13
OR
sensiolabssymfonyMatch2.0.14
OR
sensiolabssymfonyMatch2.0.15
OR
sensiolabssymfonyMatch2.0.16
OR
sensiolabssymfonyMatch2.0.17
OR
sensiolabssymfonyMatch2.0.18
OR
sensiolabssymfonyMatch2.0.19

Related

github 1
friendsofphp 4
osv 1
veracode 1
nvd 1
prion 1
cvelist 1
symfony 1
github
github
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
2022-05-17 05:17:03
friendsofphp
friendsofphp
Routes behind a firewall are accessible even when not logged in
2012-03-19 15:59:52
Routes behind a firewall are accessible even when not logged in
2012-03-19 15:59:52
Routes behind a firewall are accessible even when not logged in
2012-03-19 15:59:52
osv
osv
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
2022-05-17 05:17:03
veracode
veracode
Double Encoding Attack
2017-07-04 15:27:29
nvd
nvd
CVE-2012-6431
2012-12-27 11:47:01
prion
prion
Spoofing
2012-12-27 11:47:00
cvelist
cvelist
CVE-2012-6431
2022-10-03 16:15:28
symfony
symfony
Security release: Symfony 2.0.20 and 2.1.5 released
2012-12-20 00:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.2%

JSON
Related for CVE-2012-6431
github1friendsofphp4osv1veracode1nvd1prion1cvelist1symfony1