5 matches found

Tenable Nessus
added 2025/08/25 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-16653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony...

CVSS 5.9 | AI score 6.5 | EPSS 0.01472
Exploits: 0 | References: 2
ATTACKERKB
added 2018/08/06 9:29 p.m. | 3 views

CVE-2017-16653

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony Version >=2 does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in ...

CVSS 5.9 | AI score 5.6 | EPSS 0.01472
Exploits: 0 | References: 4
CVE
added 2018/08/06 9:0 p.m. | 91 views

CVE-2017-16653

CVE-2017-16653 concerns Symfony’s CSRF protection: versions prior to 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5 use the same CSRF token for HTTP and HTTPS, enabling MITM abuse where an HTTP token could be used in HTTPS to perform a CSRF attack. The impact is described in the CVE as ...

CVSS 5.9 | AI score 5.8 | EPSS 0.01472
Exploits: 0 | References: 3 | Affected Software: 1
Friends Of PHP
added 2017/11/16 3:12 p.m. | 26 views

CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS

More info at https://symfony.com/cve-2017-16653...

CVSS 5.9 | AI score 7.2 | EPSS 0.01472
Exploits: 0 | Affected Software: 1
Friends Of PHP
added 2017/11/16 3:12 p.m. | 29 views

CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS

More info at https://symfony.com/cve-2017-16653...

CVSS 5.9 | AI score 7.2 | EPSS 0.01472
Exploits: 0 | Affected Software: 1