Detections
Analytics
CVE-2013-4752
medium
Description
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/86374
https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
http://www.securityfocus.com/bid/61715
http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html