CVE-2017-16653

🗓️ 06 Aug 2018 21:00:29Reported by mitreType

An issue in Symfony allows CSRF attacks via HTTP MIT

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 19
Friends Of PHP	CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS	16 Nov 201715:12	–	friendsofphp
Friends Of PHP	CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS	16 Nov 201715:12	–	friendsofphp
Friends Of PHP	CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS	16 Nov 201715:12	–	friendsofphp
Github Security Blog	Symfony CSRF Vulnerability	13 May 202201:44	–	github
Prion	Cross site request forgery (csrf)	6 Aug 201821:29	–	prion
Symfony	CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS	17 Nov 201700:00	–	symfony
UbuntuCve	CVE-2017-16653	6 Aug 201800:00	–	ubuntucve
NVD	CVE-2017-16653	6 Aug 201821:29	–	nvd
RedhatCVE	CVE-2017-16653	20 May 202223:47	–	redhatcve
Cvelist	CVE-2017-16653	6 Aug 201821:00	–	cvelist

Nvd

Node

sensiolabs symfonyRange2.7.0–2.7.37

sensiolabs symfonyRange3.2.0–3.2.13

sensiolabs symfonyRange3.3.0–3.3.12

sensiolabs symfonyRange3.8.0–3.8.30

Node

debian debian_linuxMatch9.0

Source	Link
debian	www.debian.org/security/2018/dsa-4262
symfony	www.symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
github	www.github.com/symfony/symfony/pull/24992

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Aug 2018 21:29Current

5.8Medium risk

Vulners AI Score5.8

CVSS24.3

CVSS35.9

EPSS0.00364