CVE-2013-4752
moderate-risk
Published 2020-01-02
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
Do I need to act?
0.93% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.1/10 (Medium): NETWORK / LOW complexity
Affected Vendors
References (30)
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.htm...
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.htm...
Third Party Advisory
http://www.securityfocus.com/bid/61715
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86374
and 10 more references
35 / 100 (moderate-risk)
Severity: 23/34 · High
Exploitability: 3/34 · Minimal
Exposure: 9/34 · Low