CVE-2018-14773

🗓️ 03 Aug 2018 17:00:00Reported by mitreType

CVE-2018-14773: Http Foundation in Symfony potentially allows path override via IIS header

Reporter	Title	Published	Views	Family All 70
IBM Security Bulletins	Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773)	23 Aug 201816:19	–	ibm
Circl	CVE-2018-14773	6 Aug 201810:35	–	circl
CNVD	Sensio Labs Symfony Security Bypass Vulnerability (CNVD-2018-21473)	7 Aug 201800:00	–	cnvd
Cvelist	CVE-2018-14773	3 Aug 201817:00	–	cvelist
Debian	[SECURITY] [DLA 1707-1] symfony security update	10 Mar 201901:19	–	debian
Debian	[SECURITY] [DSA 4441-1] symfony security update	10 May 201906:26	–	debian
Debian	[SECURITY] [DSA 4441-1] symfony security update	10 May 201906:26	–	debian
Debian CVE	CVE-2018-14773	3 Aug 201817:00	–	debiancve
Tenable Nessus	Debian DLA-1707-1 : symfony security update	11 Mar 201900:00	–	nessus
Tenable Nessus	Debian DSA-4441-1 : symfony - security update	13 May 201900:00	–	nessus

NVD

Node

sensiolabs symfonyRange2.7.0–2.7.48

sensiolabs symfonyRange2.8.0–2.8.43

sensiolabs symfonyRange3.3.0–3.3.17

sensiolabs symfonyRange3.4.0–3.4.13

sensiolabs symfonyRange4.0.0–4.0.13

sensiolabs symfonyRange4.1.0–4.1.2

Node

Node

drupal drupalRange8.0.0–8.5.6

Source	Link
github	www.github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
securitytracker	www.securitytracker.com/id/1041405
debian	www.debian.org/security/2019/dsa-4441
drupal	www.drupal.org/SA-CORE-2018-005
symfony	www.symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
lists	www.lists.debian.org/debian-lts-announce/2019/03/msg00009.html
securityfocus	www.securityfocus.com/bid/104943
seclists	www.seclists.org/bugtraq/2019/May/21

21 Nov 2024 03:49Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24

CVSS 3.16.5

EPSS0.16652