CVE-2015-4050
NUCLEISymfony HttpKernel 2.3.19-2.3.28, 2.4.9-2.4.10, 2.5.4-2.5.11, 2.6.0-2.6.7 - Security Bypass via FragmentListener
Title source: llmExploitation Summary
CVE-2015-4050 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.
Nuclei Templates (1)
Symfony - Authentication Bypass
MEDIUMby ELSFA7110,meme-lord
Shodan:
cpe:"cpe:2.3:a:sensiolabs:symfony"
References (6)
Core 6
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159610.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3276
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159603.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74928
Vendor Advisory x_refsource_confirm
http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
Scores
EPSS
0.7619
EPSS Percentile
99.0%
Details
CWE
CWE-284
Status
published
Products (29)
sensiolabs/symfony
2.3.19
sensiolabs/symfony
2.3.20
sensiolabs/symfony
2.3.21
sensiolabs/symfony
2.3.22
sensiolabs/symfony
2.3.23
sensiolabs/symfony
2.3.24
sensiolabs/symfony
2.3.25
sensiolabs/symfony
2.3.26
sensiolabs/symfony
2.3.27
sensiolabs/symfony
2.3.28
... and 19 more
Published
Jun 02, 2015
Tracked Since
Feb 18, 2026