CVE-2013-4752 — MEDIUM (6.1)

Q: How severe is CVE-2013-4752?

CVE-2013-4752 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4752?

Check the references section above for vendor advisories and patch information. Affected products include: Sensiolabs Symfony, Fedoraproject Fedora.

Vulnerability Description

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sensiolabs	Symfony	>= 2.0.0, < 2.0.24
Fedoraproject	Fedora	18

Related Weaknesses (CWE)

CWE-79

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.htmThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.htmThird Party Advisory
http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-PatchVendor Advisory
http://www.securityfocus.com/bid/61715Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752Issue TrackingPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86365Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86366Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86367Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86368Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86369Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86370Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86371Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86372Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86373Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/86374Third Party AdvisoryVDB Entry

FAQ

What is CVE-2013-4752?

CVE-2013-4752 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the f...

How severe is CVE-2013-4752?

CVE-2013-4752 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4752?

Check the references section above for vendor advisories and patch information. Affected products include: Sensiolabs Symfony, Fedoraproject Fedora.