CVE-2017-16652 — Open Redirect in Symfony
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 55.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 13
Latest updateMay 14
Description
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages5 packages
Also affects: Debian Linux 8.0
🔴Vulnerability Details
5📋Vendor Advisories
1Debian▶
CVE-2017-16652: symfony - An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2...↗2017
💬Community
6Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony4: php-symfony: Multiple flaws [fedora-all]↗2018-06-15
Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony-symfony: php-symfony: Multiple flaws [epel-6]↗2018-06-15
Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony3: php-symfony: Multiple flaws [fedora-all]↗2018-06-15
Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony: Multiple flaws↗2018-06-14
Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony: Multiple flaws [fedora-all]↗2018-06-14