Lucene search
Veracode Vulnerability DatabaseVERACODE:47314HistoryJun 03, 2024 - 7:23 a.m.
Sensitive Information Disclosure
2024-06-0307:23:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
sensitive information disclosure
fragmenthandler vulnerability
esi requests
AI Score
6.6
Confidence
Low
Symfony is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the FragmentHandler considering all fragment render requests as coming from a trusted source, regardless of their origin, due to the inability to distinguish between legitimate ESI requests by a trusted proxy like Varnish and direct.
Related
osv
osv
Symfony allows direct access of ESI URLs behind a trusted proxy
2024-05-30 00:46:52
github
github
Symfony allows direct access of ESI URLs behind a trusted proxy
2024-05-30 00:46:52
cve
cve
CVE-2014-5245
2023-01-29 20:37:01
friendsofphp
friendsofphp
Direct access of ESI URLs behind a trusted proxy
2014-09-03 07:40:02
Direct access of ESI URLs behind a trusted proxy
2014-09-03 07:40:02
symfony
symfony
CVE-2014-5245: Direct access of ESI URLs behind a trusted proxy
2014-09-03 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: php-symfony-2.5.4-1.fc21
2014-09-23 04:24:16
[SECURITY] Fedora 20 Update: php-symfony-2.5.11-1.fc20
2015-04-18 09:30:28
[SECURITY] Fedora 20 Update: php-symfony-2.5.12-1.fc20
2015-06-05 23:49:57
nessus
nessus
Fedora 21 : php-symfony-2.5.4-1.fc21 (2014-10239)
2014-09-23 00:00:00
openvas
openvas
Fedora Update for php-symfony FEDORA-2015-5464
2015-04-19 00:00:00
Fedora Update for php-symfony FEDORA-2015-9025
2015-06-09 00:00:00