Symfony@2.3.0 Security Vulnerabilities and Issues — Symfony@2.3.0 CVE List

Lucene search

SensiolabsSymfony2.3.0

3 matches found

CVE•added 2015/12/07 8:59 p.m.•61 views

CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2) Symfony/Component/Security/Http/Firewall/Di...

7.5CVSS6.8AI score0.01008EPSS

CVE•added 2015/12/07 8:59 p.m.•53 views

CVE-2015-8124

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id.

6.8CVSS6.4AI score0.00247EPSS

CVE•added 2014/12/27 6:59 p.m.•49 views

CVE-2013-5958

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a s...

5CVSS6.6AI score0.00474EPSS