CVE-2016-4423

Published Jun 1, 2016

Last updated 9 years ago

CVSS high 7.5

Overview

Description: The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-399

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "363F096B-9543-4632-AEE7-EA8E78376EE6",
            "versionEndIncluding": "2.3.40"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABCF4EF8-5251-46B4-9B53-44783CD82082"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A03AAA02-DB58-42C5-B4A6-C2608CDB7123"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7DA4FA9-AED8-4CCB-85E4-6D0BF6776FC2"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32021069-B447-40B2-BBF9-0D2CFDE8ECC5"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38F01C2E-5A1B-441A-B58C-C450AA1C1410"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "660AA98C-4E93-4D8B-A4EC-A94E24DCDB9E"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "388F9E94-C2C1-4010-97DA-B008E89D500F"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F89AEFB-7D2C-46EF-B0FF-D8C1B636EB30"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA6F1CF5-F8A5-43E2-B9C4-912A0583E558"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AA4F511-1DFF-4705-9752-D0A35A6B3421"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8176FACA-64A3-40C3-AD08-EA5840E5FEDF"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B18C5B9-F80D-460C-A65B-2445ED71119F"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34D7BE55-A7CC-4BA5-B776-02A63707BBB1"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C01C2E25-6FEE-49C8-A9D8-F4935A0F915E"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68869331-57A0-451D-9888-32643537B736"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3598D2C0-4AB1-4C4F-98ED-2862E7C42497"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F100F2F-EB9F-41E3-AB84-49E49A61C728"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "135156B2-2ADF-4127-A4F1-309FB99868B8"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AABE15FF-B488-49D6-B284-89ECE1C2E54C"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D07C355A-FF00-44DF-A899-B727DAEBB83F"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "235F1F79-E3FB-452C-98E3-A3D978CC9819"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC270EEB-02CC-4960-9F3D-41AB86636864"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1570191-3967-4C89-B7B3-07C4FC369C95"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FC56E52-31DB-4B3C-8E07-B7358079DEC9"
          },
          {
            "criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE067114-08AF-46F0-8F46-1485C93A8857"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References