Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.703402 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 3402-1 (symfony - security update) |
Zusammenfassung: | Several vulnerabilities have;been discovered in symfony, a framework to create websites and web applications.;The Common Vulnerabilities and Exposures project identifies the following problems:;;CVE-2015-8124The RedTeam Pentesting GmbH team discovered a session fixation;vulnerability within the Remember Me;login feature, allowing an;attacker to impersonate the victim towards the web application if;the session id value was previously known to the attacker.;;CVE-2015-8125;Several potential remote timing attack vulnerabilities were;discovered in classes from the Symfony Security component and in the;legacy CSRF implementation from the Symfony Form component. |
Beschreibung: | Summary: Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8124The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within the Remember Me login feature, allowing an attacker to impersonate the victim towards the web application if the session id value was previously known to the attacker. CVE-2015-8125 Several potential remote timing attack vulnerabilities were discovered in classes from the Symfony Security component and in the legacy CSRF implementation from the Symfony Form component. Affected Software/OS: symfony on Debian Linux Solution: For the stable distribution (jessie), these problems have been fixed in version 2.3.21+dfsg-4+deb8u2. For the unstable distribution (sid), these problems have been fixed in version 2.7.7+dfsg-1. We recommend that you upgrade your symfony packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-8124 BugTraq ID: 77694 http://www.securityfocus.com/bid/77694 Bugtraq: 20151222 [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality (Google Search) http://www.securityfocus.com/archive/1/537183/100/0/threaded Debian Security Information: DSA-3402 (Google Search) http://www.debian.org/security/2015/dsa-3402 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html http://seclists.org/fulldisclosure/2015/Dec/89 Common Vulnerability Exposure (CVE) ID: CVE-2015-8125 BugTraq ID: 77692 http://www.securityfocus.com/bid/77692 |
Copyright | Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |