Lucene search
Veracode Vulnerability DatabaseVERACODE:4397HistoryJun 07, 2017 - 8:22 a.m.
Arbitrary Code Execution Through The "internal" Routes
2017-06-0708:22:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.003 Low
EPSS
Percentile
71.8%
Symfony is vulnerable to arbitrary code execution attacks. When the @FrameworkBundle/Resources/config/routing/internal.xml internal routing configuration is used without securing its routes properly, attackers can trigger the vulnerability by using a URI beginning with a /_internal substring
| CPE | Name | Operator | Version |
|---|---|---|---|
| symfony/symfony | eq | 2.2.x-dev | |
| symfony/symfony | le | 2.0.19 | |
| symfony/symfony | le | 2.1.4 |
Related
osv
osv
Symfony Access Control Vulnerability
2022-05-17 05:17:45
cve
cve
CVE-2012-6432
2022-10-03 16:15:28
nvd
nvd
CVE-2012-6432
2012-12-27 11:47:01
cvelist
cvelist
CVE-2012-6432
2022-10-03 16:15:28
friendsofphp
friendsofphp
Code execution vulnerability via the "internal" routes
2012-12-19 09:59:52
github
github
Symfony Access Control Vulnerability
2022-05-17 05:17:45
prion
prion
Code injection
2012-12-27 11:47:00
symfony
symfony
Security release: Symfony 2.0.20 and 2.1.5 released
2012-12-20 00:00:00