Lucene search
HistoryJun 24, 2015 - 10:59 a.m.
CVE-2015-2308
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.005
Percentile
77.1%
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language=“php” attribute of a SCRIPT element.
Affected configurations
Node
sensiolabssymfonyMatch2.0.0
ORsensiolabssymfonyMatch2.0.1
ORsensiolabssymfonyMatch2.0.2
ORsensiolabssymfonyMatch2.0.3
ORsensiolabssymfonyMatch2.0.4
ORsensiolabssymfonyMatch2.0.5
ORsensiolabssymfonyMatch2.0.6
ORsensiolabssymfonyMatch2.0.7
ORsensiolabssymfonyMatch2.0.8
ORsensiolabssymfonyMatch2.0.9
ORsensiolabssymfonyMatch2.0.10
ORsensiolabssymfonyMatch2.0.11
ORsensiolabssymfonyMatch2.0.12
ORsensiolabssymfonyMatch2.0.13
ORsensiolabssymfonyMatch2.0.14
ORsensiolabssymfonyMatch2.0.15
ORsensiolabssymfonyMatch2.0.16
ORsensiolabssymfonyMatch2.0.17
ORsensiolabssymfonyMatch2.0.18
ORsensiolabssymfonyMatch2.0.19
ORsensiolabssymfonyMatch2.0.20
ORsensiolabssymfonyMatch2.0.21
ORsensiolabssymfonyMatch2.0.22
ORsensiolabssymfonyMatch2.1.0
ORsensiolabssymfonyMatch2.1.1
ORsensiolabssymfonyMatch2.1.2
ORsensiolabssymfonyMatch2.1.3
ORsensiolabssymfonyMatch2.1.4
ORsensiolabssymfonyMatch2.1.5
ORsensiolabssymfonyMatch2.1.6
ORsensiolabssymfonyMatch2.1.7
ORsensiolabssymfonyMatch2.2.0
ORsensiolabssymfonyMatch2.2.1
ORsensiolabssymfonyMatch2.2.2
ORsensiolabssymfonyMatch2.2.3
ORsensiolabssymfonyMatch2.2.4
ORsensiolabssymfonyMatch2.2.5
ORsensiolabssymfonyMatch2.2.6
ORsensiolabssymfonyMatch2.2.8
ORsensiolabssymfonyMatch2.2.9
ORsensiolabssymfonyMatch2.2.10
ORsensiolabssymfonyMatch2.2.11
ORsensiolabssymfonyMatch2.3.19
ORsensiolabssymfonyMatch2.3.20
ORsensiolabssymfonyMatch2.3.21
ORsensiolabssymfonyMatch2.3.22
ORsensiolabssymfonyMatch2.3.23
ORsensiolabssymfonyMatch2.3.24
ORsensiolabssymfonyMatch2.3.25
ORsensiolabssymfonyMatch2.3.26
ORsensiolabssymfonyMatch2.4.1
ORsensiolabssymfonyMatch2.4.2
ORsensiolabssymfonyMatch2.4.3
ORsensiolabssymfonyMatch2.4.4
ORsensiolabssymfonyMatch2.4.5
ORsensiolabssymfonyMatch2.4.6
ORsensiolabssymfonyMatch2.4.7
ORsensiolabssymfonyMatch2.4.8
ORsensiolabssymfonyMatch2.4.9
ORsensiolabssymfonyMatch2.4.10
ORsensiolabssymfonyMatch2.5.1
ORsensiolabssymfonyMatch2.5.2
ORsensiolabssymfonyMatch2.5.3
ORsensiolabssymfonyMatch2.5.4
ORsensiolabssymfonyMatch2.5.5
ORsensiolabssymfonyMatch2.5.6
ORsensiolabssymfonyMatch2.5.7
ORsensiolabssymfonyMatch2.5.8
ORsensiolabssymfonyMatch2.5.9
ORsensiolabssymfonyMatch2.5.10
ORsensiolabssymfonyMatch2.6.0
ORsensiolabssymfonyMatch2.6.1
ORsensiolabssymfonyMatch2.6.3
ORsensiolabssymfonyMatch2.6.4
ORsensiolabssymfonyMatch2.6.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sensiolabs | symfony | 2.0.0 | cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:* |
| sensiolabs | symfony | 2.0.1 | cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:* |
| sensiolabs | symfony | 2.0.2 | cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:* |
| sensiolabs | symfony | 2.0.3 | cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:* |
| sensiolabs | symfony | 2.0.4 | cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:* |
| sensiolabs | symfony | 2.0.5 | cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:* |
| sensiolabs | symfony | 2.0.6 | cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:* |
| sensiolabs | symfony | 2.0.7 | cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:* |
| sensiolabs | symfony | 2.0.8 | cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:* |
| sensiolabs | symfony | 2.0.9 | cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2015-06-24 10:59:00
osv
osv
Symfony Vulnerable to PHP Eval Injection
2022-05-17 03:34:11
cvelist
cvelist
CVE-2015-2308
2015-06-24 10:00:00
cve
cve
CVE-2015-2308
2015-06-24 10:59:01
friendsofphp
friendsofphp
Esi Code Injection
2015-04-01 18:55:26
Esi Code Injection
2015-04-01 18:55:26
github
github
Symfony Vulnerable to PHP Eval Injection
2022-05-17 03:34:11
symfony
symfony
CVE-2015-2308: Esi Code Injection
2015-04-01 00:00:00
ubuntucve
ubuntucve
CVE-2015-2308
2015-06-24 00:00:00
debiancve
debiancve
CVE-2015-2308
2015-06-24 10:59:01
jvn
jvn
JVN#19578958: Symfony vulnerable to code injection
2015-06-23 00:00:00
veracode
veracode
Arbitrary Code Injection
2017-07-28 08:49:25
openvas
openvas
Fedora Update for php-symfony FEDORA-2015-5457
2015-04-19 00:00:00
Fedora Update for php-symfony FEDORA-2015-5504
2015-07-07 00:00:00
Fedora Update for php-symfony FEDORA-2015-9039
2015-06-09 00:00:00
nessus
nessus
Fedora 21 : php-symfony-2.5.11-1.fc21 (2015-5457)
2015-04-20 00:00:00
Fedora 22 : php-symfony-2.5.11-1.fc22 (2015-5504)
2015-04-22 00:00:00
Fedora 20 : php-symfony-2.5.11-1.fc20 (2015-5464)
2015-04-20 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-symfony-2.5.11-1.fc22
2015-04-21 18:53:37
[SECURITY] Fedora 21 Update: php-symfony-2.5.11-1.fc21
2015-04-18 09:34:37
[SECURITY] Fedora 21 Update: php-symfony-2.5.12-1.fc21
2015-06-06 00:05:41
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.005
Percentile
77.1%
Related for NVD:CVE-2015-2308