CVE-2012-6432: Improper Access Control in Symfony

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.4% (top 37.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Dec 27
Latest update: May 17

Description

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

Packagist | symfony/symfony | 2.0.0 | 2.0.20 | +1
NVD | sensiolabs/symfony | 26 versions | +25

Vulnerability Details (3)

GHSA: Symfony Access Control Vulnerability (2022-05-17)
OSV: Symfony Access Control Vulnerability (2022-05-17)
CVEList: CVE-2012-6432: Symfony 2 (2012-12-27)
CVE-2012-6432 — Improper Access Control in Symfony | cvebase