Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.22 views

Ubuntu 18.04 ESM : Symfony vulnerability (USN-4836-1)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4836-1 advisory. It was discovered that Symfony through the HttpFoundation component allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this...

9.8CVSS8.2AI score0.02345EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/11/20 12:0 a.m.28 views

Sensiolabs Symfony 2.8.x < 2.8.37, 3.3.x < 3.3.17, 3.4.x < 3.4.7 and 4.0.x < 4.0.7 Authentication Bypass Vulnerability

This host runs Symfony and is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

9.8CVSS9.7AI score0.02345EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/08/15 12:0 a.m.25 views

Fedora Update for php-symfony3 FEDORA-2018-6f3ceeb7cb

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.9AI score0.58061EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/07/09 12:0 a.m.23 views

Fedora 27 : php-symfony3 (2018-c8ddc44bbb)

3.3.17 2018-05-25 - security cve-2018-11407 Ldap cast to string when checking empty passwords - security cve-2018-11408 SecurityBundle Fail if security.httputils cannot be configured - security cve-2018-11406 clear CSRF tokens when the user is logged out - security cve-2018-11385 migrating sessio...

9.8CVSS6.8AI score0.02345EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/07/08 12:0 a.m.34 views

Fedora Update for php-symfony3 FEDORA-2018-c8ddc44bbb

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7AI score0.02345EPSS
Exploits0References2
NVD
NVD
added 2018/06/13 4:29 p.m.15 views

CVE-2018-11407

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE:...

9.8CVSS9.9AI score0.02345EPSS
Exploits0References1
OSV
OSV
added 2018/06/13 4:29 p.m.17 views

CVE-2018-11407

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE:...

9.8CVSS10AI score0.02345EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/06/13 4:29 p.m.19 views

CVE-2018-11407

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE:...

9.8CVSS7.2AI score0.02345EPSS
Exploits0References3
OSV
OSV
added 2018/06/13 4:29 p.m.3 views

UBUNTU-CVE-2018-11407

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE:...

9.8CVSS7.3AI score0.02345EPSS
Exploits0References4
CVE
CVE
added 2018/06/13 4:0 p.m.86 views

CVE-2018-11407

CVE-2018-11407 affects Symfony’s LDAP authentication path. The issue allows remote attackers to bypass authentication by logging in with a null password and a valid username, triggering an unauthenticated bind. It impacts Symfony versions: 2.8.x before 2.8.37; 3.3.x before 3.3.17; 3.4.x before 3....

9.8CVSS8.2AI score0.02345EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2018/06/13 4:0 p.m.24 views

CVE-2018-11407

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE:...

9.8CVSS10AI score0.02345EPSS
Exploits0
Friends Of PHP
Friends Of PHP
added 2018/05/25 12:12 p.m.17 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

More info at https://symfony.com/cve-2018-11407...

9.8CVSS7.2AI score0.02345EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/25 12:12 p.m.18 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

More info at https://symfony.com/cve-2018-11407...

9.8CVSS7.2AI score0.02345EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/25 12:12 p.m.30 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

More info at https://symfony.com/cve-2018-11407...

9.8CVSS7.2AI score0.02345EPSS
Exploits0Affected Software1
Symfony
Symfony
added 2018/05/25 12:0 a.m.8 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

Affected versions Symfony 2.8.0 to 2.8.36, 3.3.0 to 3.3.16, 3.4.0 to 3.4.6, and 4.0.0 to 4.0.6 versions of the Symfony LDAP component are affected by this security issue. The issue has been fixed in Symfony 2.8.37, 3.3.17, 3.4.7, and 4.0.7. 4.1.0 has also been fixed before its final release. Note...

9.8CVSS7.8AI score0.02925EPSS
Exploits0
Rows per page
Query Builder