Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-4050Improper Access Control in Http-kernel

CWE-284Improper Access Control11 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
76.2%
top 1.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
SymfonySymfony Http-kernelSensiolabs Symfony
Timeline
PublishedJun 2
Latest updateMay 17

Description

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

Packagistsymfony/symfony2.3.192.3.29+3
Packagistsymfony/http-kernel2.3.192.3.29+3
Debiansymfony/symfony< 2.7.0~beta2+dfsg-2+3
NVDsensiolabs/symfony27 versions+26

🔴Vulnerability Details

4
GHSA
Symfony Incorrect Access Control2022-05-17
OSV
Symfony Incorrect Access Control2022-05-17
CVEList
CVE-2015-4050: FragmentListener in the HttpKernel component in Symfony 22015-06-02
OSV
CVE-2015-4050: FragmentListener in the HttpKernel component in Symfony 22015-06-02

💥Exploits & PoCs

1
Nuclei
Symfony - Authentication Bypass

📋Vendor Advisories

1
Debian
CVE-2015-4050: symfony - FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2...2015

💬Community

4
Bugzilla
CVE-2015-4050 php-symfony: ESI unauthorized access [epel-6]2015-06-02
Bugzilla
CVE-2015-4050 php-symfony: ESI unauthorized access [epel-7]2015-06-02
Bugzilla
CVE-2015-4050 php-symfony: ESI unauthorized access2015-06-02
Bugzilla
CVE-2015-4050 php-symfony: ESI unauthorized access [fedora-all]2015-06-02
CVE-2015-4050 — Improper Access Control in Http-kernel | cvebase