
Test ID: 1.3.6.1.4.1.25623.1.0.703402
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 3402-1 (symfony - security update)
Description:
Summary:
Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-8124
The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within the Remember Me login feature, allowing an attacker to impersonate the victim towards the web application if the session id value was previously known to the attacker.

CVE-2015-8125
Several potential remote timing attack vulnerabilities were discovered in classes from the Symfony Security component and in the legacy CSRF implementation from the Symfony Form component.

Affected Software/OS:
symfony on Debian Linux

Solution:
For the stable distribution (jessie), these problems have been fixed in
version 2.3.21+dfsg-4+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 2.7.7+dfsg-1.

We recommend that you upgrade your symfony packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2015-8124
BugTraq ID: 77694
http://www.securityfocus.com/bid/77694
Bugtraq: 20151222 [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality
http://www.securityfocus.com/archive/1/537183/100/0/threaded
Debian Security Information: DSA-3402
http://www.debian.org/security/2015/dsa-3402
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html
http://seclists.org/fulldisclosure/2015/Dec/89
Common Vulnerability Exposure (CVE) ID: CVE-2015-8125
BugTraq ID: 77692
http://www.securityfocus.com/bid/77692
Copyright: Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

© 1998-2024 E-Soft Inc. All rights reserved.