
CVE-2017-16653

Description

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks.
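The weakness described above, shown as an added illustration that is not Symfony's code: a token store keyed only by token id accepts a value issued over HTTP on an HTTPS request, while a store that namespaces by scheme does not. The class name, the `https-` key prefix and the `transfer` token id are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical minimal token manager (not Symfony's implementation).
// $session stands in for server-side session storage that is shared by
// the HTTP and HTTPS versions of the same site.
final class SchemeAwareCsrfManager
{
    private array $session = [];

    public function __construct(private bool $bindToScheme) {}

    private function key(string $tokenId, bool $isHttps): string
    {
        // Hardened mode keeps tokens issued over HTTPS in their own namespace.
        return ($this->bindToScheme && $isHttps ? 'https-' : '') . $tokenId;
    }

    public function getToken(string $tokenId, bool $isHttps): string
    {
        $key = $this->key($tokenId, $isHttps);
        // Create the token on first use, then keep returning the stored value.
        return $this->session[$key] ??= bin2hex(random_bytes(32));
    }

    public function isTokenValid(string $tokenId, string $value, bool $isHttps): bool
    {
        $key = $this->key($tokenId, $isHttps);
        // Constant-time comparison against the value stored for this scheme.
        return isset($this->session[$key]) && hash_equals($this->session[$key], $value);
    }
}

// Compare the scheme-agnostic behaviour (false) with the scheme-bound one (true).
foreach ([false, true] as $bindToScheme) {
    $manager = new SchemeAwareCsrfManager($bindToScheme);
    $seenOnHttp = $manager->getToken('transfer', false); // value rendered on a plaintext page
    $httpsToken = $manager->getToken('transfer', true);  // value rendered in the HTTPS form
    printf(
        "bindToScheme=%s  HTTP token accepted on HTTPS: %s  HTTPS token accepted on HTTPS: %s\n",
        var_export($bindToScheme, true),
        var_export($manager->isTokenValid('transfer', $seenOnHttp, true), true),
        var_export($manager->isTokenValid('transfer', $httpsToken, true), true)
    );
}
```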


Affected Package


OS      OS Version  Package Name  Package Version
ubuntu  Upstream    symfony       3.4.0+dfsg-1
ubuntu  16.04       symfony       any
