9 matches found
squid security update
7:3.5.20-17.0.3 - Disable ESI support CVE-2024-45802Orabug: 37289058...
squid security update
7:5.5-14.3 - Disable ESI support - Resolves: RHEL-65076 - CVE-2024-45802 squid: Denial of Service processing ESI response content 7:5.5-14.2 - Resolves: RHEL-64425 TCPMISSABORTED/100 erros when uploading 7:5.5-14.1 - Resolves: RHEL-62332 - Regression Transfer-encoding:chunked data is not sent to...
GHSA-5C58-W9XC-QCJ9 Symfony Vulnerable to PHP Eval Injection
Applications with ESI support and SSI support as of Symfony 2.6 enabled and using the Symfony built-in reverse proxy the Symfony\Component\HttpKernel\HttpCache class are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server. HttpCache uses eval...
GHSA-QMQW-MPQP-MR54 Symfony Incorrect Access Control
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
JVN#19578958: Symfony vulnerable to code injection
Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy the HttpCache class are affected. Impact Arbitrary PHP code may be executed on the server...
CVE-2015-4050
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
Design/Logic Flaw
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...
DSA-3276-1 symfony - security update
Bulletin has no description...
CVE-2015-2308: Esi Code Injection
Affected Versions All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpKernel component are affected by this security issue. This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they ar...