openvas | Copyright (C) 2020 Greenbone Networks GmbH | OPENVAS:1361412562310112719
History: Apr 01, 2020 - 12:00 a.m.

Symfony 4.4.x < 4.4.7, 5.0.x < 5.0.7 Multiple Vulnerabilities

2020-04-01 00:00:00
Copyright (C) 2020 Greenbone Networks GmbH
plugins.openvas.org
16

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.2 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

54.9%

Symfony is prone to multiple vulnerabilities.

# Copyright (C) 2020 Greenbone Networks GmbH
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

# Description pass: registers this VT's metadata (OID, severity, CVEs,
# dependencies, human-readable tags) and ends with exit(0), so none of
# the detection code after this block runs while `description` is set.
if( description )
{
  script_oid("1.3.6.1.4.1.25623.1.0.112719");
  script_version("2021-07-08T11:00:45+0000");
  script_tag(name:"last_modification", value:"2021-07-08 11:00:45 +0000 (Thu, 08 Jul 2021)");
  script_tag(name:"creation_date", value:"2020-04-01 09:28:11 +0000 (Wed, 01 Apr 2020)");
  # Two scorings are carried side by side: cvss_base / cvss_base_vector hold
  # the CVSSv2 rating, severity_vector holds the CVSSv3.1 rating. Both vectors
  # require an authenticated attacker (Au:S / PR:L). severity_origin records
  # that the rating was taken from NVD rather than assigned by the VT author.
  script_tag(name:"cvss_base", value:"5.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-04-09 17:15:00 +0000 (Thu, 09 Apr 2020)");

  # Quality of detection: the verdict rests only on a remotely obtained
  # version string. Distribution backports or a hidden/altered version can
  # make the result wrong in either direction, so treat a hit as a lead to
  # confirm on the host, not as proof.
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2020-5255", "CVE-2020-5275");

  script_name("Symfony 4.4.x < 4.4.7, 5.0.x < 5.0.7 Multiple Vulnerabilities");

  # Information-gathering category: the check evaluates already collected
  # data and sends no exploit or state-changing request.
  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2020 Greenbone Networks GmbH");
  script_family("Web application abuses");
  # Runs only after the Symfony detection VT and only when the
  # "symfony/detected" key is present (presumably set by that VT -- confirm
  # in gb_symfony_consolidation.nasl).
  script_dependencies("gb_symfony_consolidation.nasl");
  script_mandatory_keys("symfony/detected");

  script_tag(name:"summary", value:"Symfony is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  # NOTE(review): per the text below, CVE-2020-5275 concerns access control
  # rules evaluated with the unanimous strategy and CVE-2020-5255 concerns
  # responses without a Content-Type header. This VT compares versions only
  # and does not look at the application's firewall or cache configuration,
  # so actual exposure has to be assessed per application.
  script_tag(name:"insight", value:"The following vulnerabilities exist:

  - When a Response does not contain a Content-Type header, Symfony falls back to the format defined
  in the Accept header of the request, leading to a possible mismatch between the response's content
  and Content-Type header. When the response is cached, this can lead to a corrupted cache where the
  cached format is not the right one (CVE-2020-5255)

  - When a Firewall checks an access control rule (using the unanimous strategy), it iterates over
  all rule attributes and grant access only if all calls to the accessDecisionManager decide to grant access.

  A bug was introduced that prevents the check of attributes as soon as
  accessDecisionManager decide to grant access on one attribute (CVE-2020-5275)");

  script_tag(name:"affected", value:"Symfony versions 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6.");

  script_tag(name:"solution", value:"The issues have been fixed in Symfony 4.4.7 and 5.0.7.");

  # Upstream GitHub security advisories for the two CVEs listed above.
  script_xref(name:"URL", value:"https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859");
  script_xref(name:"URL", value:"https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72");

  # End of the description pass; the detection code is not executed here.
  exit(0);
}

# Detection pass: looks up the Symfony version recorded for this CPE and
# reports the host when that version falls inside one of the two affected
# release branches. The verdict is a pure version comparison; nothing is
# sent to the application to confirm that the flaws are reachable.
CPE = "cpe:/a:sensiolabs:symfony";

include( "host_details.inc" );
include( "version_func.inc" );

# No port registered for this CPE means Symfony was not detected: leave quietly.
port = get_app_port( cpe: CPE );
if( isnull( port ) )
  exit( 0 );

# exit_no_version asks the helper to give up when a Symfony install was found
# but no version could be extracted, since a range check needs a version.
infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE );
if( ! infos )
  exit( 0 );

version = infos["version"];
location = infos["location"];

# Select the fixed release of the branch the installed version belongs to.
# The range bounds are the ones named in the "affected" tag (4.4.0 to 4.4.6
# and 5.0.0 to 5.0.6).
fix = NULL;
if( version_in_range( version: version, test_version: "4.4.0", test_version2: "4.4.6" ) )
  fix = "4.4.7";
else if( version_in_range( version: version, test_version: "5.0.0", test_version2: "5.0.6" ) )
  fix = "5.0.7";

if( ! isnull( fix ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: fix, install_path: location );
  security_message( data: report, port: port );
  exit( 0 );
}

# Exit code 99: a version was evaluated and it lies outside both affected ranges.
exit( 99 );
