17 matches found
CVE-2021-43444
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key...
CVE-2021-43444
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key...
CVE-2021-43444
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key...
Symfony Incorrect Access Control
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2018-15796
The CVE-2018-15796 vulnerability affects Cloud Foundry Bits Service releases prior to 2.14.0, where an insecure hashing algorithm signs URLs. A remote attacker could obtain a signed URL and extract the signing key, gaining complete read/write access to the Bits Service storage. Mitigation: upgrad...
Unauthorised Access Through Bypassing URL Signing And Security Rules
Symfony is susceptible to unauthorized access. A malicious user can bypass URL signing and security rules by passing an empty or invalid hash to the fragment path to gain access to any controller since the application does not properly check if the controller attribute was set. This only affects...
[SECURITY] [DSA 3276-1] symfony security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3276-1 [email protected] http://www.debian.org/security/ David Prevot May 31, 2015 http://www.debian.org/security/faq -...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
DEBIAN-CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
Design/Logic Flaw
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
UBUNTU-CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-4050
CVE-2015-4050 affects Symfony’s HttpKernel FragmentListener when ESI/SSI is enabled. Versions affected: 2.3.19–2.3.28, 2.4.9–2.4.10, 2.5.4–2.5.11, 2.6.0–2.6.7. Root cause: FragmentListener does not verify if the "_controller" attribute is set, enabling remote attackers to bypass URL signing and s...
DSA-3276-1 symfony - security update
Bulletin has no description...