CVE-2015-4050

NUCLEI

Sensiolabs Symfony < 2.3.29 - Improper Access Control

Title source: rule

Description

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

Nuclei Templates (1)

Symfony - Authentication Bypass
MEDIUM by ELSFA7110, meme-lord
Shodan: cpe:"cpe:2.3:a:sensiolabs:symfony"

Scores

EPSS 0.7619
EPSS Percentile 98.9%

Details

CWE
CWE-284
Status published
Products (29)
sensiolabs/symfony 2.3.19
sensiolabs/symfony 2.3.20
sensiolabs/symfony 2.3.21
sensiolabs/symfony 2.3.22
sensiolabs/symfony 2.3.23
sensiolabs/symfony 2.3.24
sensiolabs/symfony 2.3.25
sensiolabs/symfony 2.3.26
sensiolabs/symfony 2.3.27
sensiolabs/symfony 2.3.28
... and 19 more
Published Jun 02, 2015
Tracked Since Feb 18, 2026