Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2018-C8DDC44BBB.NASL
HistoryJul 09, 2018 - 12:00 a.m.

Fedora 27 : php-symfony3 (2018-c8ddc44bbb)

2018-07-0900:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

3.3.17 (2018-05-25)

  • security #cve-2018-11407 [Ldap] cast to string when checking empty passwords

  • security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured

  • security #cve-2018-11406 clear CSRF tokens when the user is logged out

  • security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener

  • security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2018-c8ddc44bbb.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(110952);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2017-16652");
  script_xref(name:"FEDORA", value:"2018-c8ddc44bbb");

  script_name(english:"Fedora 27 : php-symfony3 (2018-c8ddc44bbb)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"## 3.3.17 (2018-05-25)

  - security #cve-2018-11407 [Ldap] cast to string when
    checking empty passwords

  - security #cve-2018-11408 [SecurityBundle] Fail if
    security.http_utils cannot be configured

  - security #cve-2018-11406 clear CSRF tokens when the user
    is logged out

  - security #cve-2018-11385 migrating session for
    UsernamePasswordJsonAuthenticationListener

  - security #cve-2018-11386 [HttpFoundation] Break infinite
    loop in PdoSessionHandler when MySQL is in loose mode

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c8ddc44bbb"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected php-symfony3 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-symfony3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC27", reference:"php-symfony3-3.3.17-1.fc27")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-symfony3");
}
VendorProductVersionCPE
fedoraprojectfedoraphp-symfony3p-cpe:/a:fedoraproject:fedora:php-symfony3
fedoraprojectfedora27cpe:/o:fedoraproject:fedora:27

Related

fedora 6
openvas 8
nessus 7
debiancve 6
prion 6
cve 6
symfony 6
osv 14
veracode 6
ubuntucve 6
github 5
debian 2
ubuntu 1
fedora
fedora
[SECURITY] Fedora 27 Update: php-symfony-2.8.42-1.fc27
2018-07-07 22:16:59
[SECURITY] Fedora 27 Update: php-symfony3-3.3.17-1.fc27
2018-07-07 22:17:01
[SECURITY] Fedora 28 Update: php-symfony4-4.0.11-1.fc28
2018-06-06 13:33:23
openvas
openvas
Fedora Update for php-symfony FEDORA-2018-2bdfc9dc67
2018-07-08 00:00:00
Fedora Update for php-symfony3 FEDORA-2018-c8ddc44bbb
2018-07-08 00:00:00
Sensiolabs Symfony 2.7.x < 2.7.48, 2.8.x < 2.8.41, 3.3.x < 3.3.17, 3.4.x < 3.4.11, and 4.0.x < 4.0.11 Multiple Vulnerabilities
2018-11-20 00:00:00
nessus
nessus
Fedora 27 : php-symfony (2018-2bdfc9dc67)
2018-07-09 00:00:00
Fedora 28 : php-symfony (2018-eba0006df2)
2019-01-03 00:00:00
Fedora 28 : php-symfony4 (2018-96d770ddc9)
2019-01-03 00:00:00
debiancve
debiancve
CVE-2018-11408
2018-06-13 16:29:00
CVE-2018-11385
2018-06-13 16:29:00
CVE-2017-16652
2018-06-13 16:29:00
prion
prion
Open redirect
2018-06-13 16:29:00
Hardcoded credentials
2018-06-13 16:29:00
Open redirect
2018-06-13 16:29:00
cve
cve
CVE-2018-11408
2018-06-13 16:29:00
CVE-2017-16652
2018-06-13 16:29:00
CVE-2018-11386
2018-06-13 16:29:00
symfony
symfony
CVE-2018-11408: Open redirect vulnerability on security handlers
2018-05-25 00:00:00
CVE-2018-11385: Session Fixation Issue for Guard Authentication
2018-05-25 00:00:00
CVE-2018-11386: Denial of service when using PDOSessionHandler
2018-05-25 00:00:00
osv
osv
symfony - security update
2018-08-03 00:00:00
CVE-2018-11408
2018-06-13 16:29:01
Symfony Open Redirect
2022-05-14 01:21:15
veracode
veracode
Open Redirect
2018-06-14 03:06:14
Denial Of Service (DoS)
2018-06-14 02:10:41
Session Fixation
2018-06-14 06:33:52
ubuntucve
ubuntucve
CVE-2018-11408
2018-06-13 00:00:00
CVE-2018-11386
2018-06-13 00:00:00
CVE-2018-11385
2018-06-13 00:00:00
github
github
Symfony Open Redirect
2022-05-14 01:21:15
Symfony Session Fixation Vulnerability
2022-05-14 01:22:27
Symfony DoS
2022-05-14 01:14:36
debian
debian
[SECURITY] [DLA 1707-1] symfony security update
2019-03-10 01:19:23
[SECURITY] [DSA 4262-1] symfony security update
2018-08-03 16:32:58
ubuntu
ubuntu
Symfony vulnerability
2021-03-15 00:00:00
JSON
Related for FEDORA_2018-C8DDC44BBB.NASL
fedora6openvas8nessus7debiancve6prion6cve6symfony6osv14veracode6ubuntucve6github5debian2ubuntu1