CVE-2012-6431

Published Dec 27, 2012

Last updated 3 months ago

CVSS info 6.4

Overview

Description: Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "379F1431-3466-4263-8C02-D6541E593F65"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CBEC708-96A2-43DD-88C0-9407ABB6D4FF"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56B52BED-2996-4C96-A348-98A8C72C8EA2"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C6279E7-F362-4C13-A965-908BCF9C30E3"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A101B27-9AE7-4C04-80BC-03A981217782"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3360BFF1-89ED-4294-A503-835C9C40C7D7"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE78FEA0-42E8-463C-9C7C-C778F712BB0F"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF5CEE9C-822C-491F-841C-218AA21C0AD1"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "822F9083-5542-41AA-B9FA-1B43DE633340"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "165F68AE-AB34-4C20-88C6-56210548242B"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B13BE7AA-72FD-402D-8919-BC5F23D03EFD"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34B1B511-5EBC-4301-A561-AE15B63DFC74"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AF62D2D-2D62-4F15-83CD-F635DC838031"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B3A8431-356C-498F-AAEA-EC8D05D74877"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E53A27F2-9C3D-4670-BE1E-A1F6994EF1CA"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18DEB929-6B35-488B-80BF-70448BF7A6F0"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EB03E2D-F137-4CBA-887D-D1461735C958"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D37175A7-C937-4758-8EED-BE24C43AA115"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1EF598F-F8F6-4980-BC76-C2FAF8FE7AF8"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3CD1432-1C91-4DFE-86E0-E5E97775A425"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References