12 matches found
Fedora Update for php-symfony FEDORA-2015-9025
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for php-symfony FEDORA-2015-9039
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 22 : php-symfony-2.5.12-1.fc22 (2015-9034)
2.5.12 2015-05-27 - security 14759 CVE-2015-4050 HttpKernel Do not call the FragmentListener if controller is already defined jakzal Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-4050
CVE-2015-4050 affects Symfony’s HttpKernel FragmentListener when ESI/SSI is enabled. Versions affected: 2.3.19–2.3.28, 2.4.9–2.4.10, 2.5.4–2.5.11, 2.6.0–2.6.7. Root cause: FragmentListener does not verify if the "_controller" attribute is set, enabling remote attackers to bypass URL signing and s...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
[SECURITY] [DSA 3276-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3276-1 [email protected] http://www.debian.org/security/ David Prevot May 31, 2015 http://www.debian.org/security/faq -...
CVE-2015-4050: ESI unauthorized access
More info at https://symfony.com/cve-2015-4050...
CVE-2015-4050: ESI unauthorized access
More info at https://symfony.com/cve-2015-4050...