CVE-2016-4423
Published Jun 1, 2016
Last updated 8 years ago
Overview
- Description
- The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-399
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "363F096B-9543-4632-AEE7-EA8E78376EE6",
"versionEndIncluding": "2.3.40"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABCF4EF8-5251-46B4-9B53-44783CD82082"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A03AAA02-DB58-42C5-B4A6-C2608CDB7123"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7DA4FA9-AED8-4CCB-85E4-6D0BF6776FC2"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32021069-B447-40B2-BBF9-0D2CFDE8ECC5"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38F01C2E-5A1B-441A-B58C-C450AA1C1410"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "660AA98C-4E93-4D8B-A4EC-A94E24DCDB9E"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "388F9E94-C2C1-4010-97DA-B008E89D500F"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F89AEFB-7D2C-46EF-B0FF-D8C1B636EB30"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA6F1CF5-F8A5-43E2-B9C4-912A0583E558"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5AA4F511-1DFF-4705-9752-D0A35A6B3421"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8176FACA-64A3-40C3-AD08-EA5840E5FEDF"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B18C5B9-F80D-460C-A65B-2445ED71119F"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34D7BE55-A7CC-4BA5-B776-02A63707BBB1"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C01C2E25-6FEE-49C8-A9D8-F4935A0F915E"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68869331-57A0-451D-9888-32643537B736"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3598D2C0-4AB1-4C4F-98ED-2862E7C42497"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F100F2F-EB9F-41E3-AB84-49E49A61C728"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "135156B2-2ADF-4127-A4F1-309FB99868B8"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AABE15FF-B488-49D6-B284-89ECE1C2E54C"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D07C355A-FF00-44DF-A899-B727DAEBB83F"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "235F1F79-E3FB-452C-98E3-A3D978CC9819"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC270EEB-02CC-4960-9F3D-41AB86636864"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1570191-3967-4C89-B7B3-07C4FC369C95"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FC56E52-31DB-4B3C-8E07-B7358079DEC9"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE067114-08AF-46F0-8F46-1485C93A8857"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
],
"operator": "OR"
}
]
}
]