Symfony HOST HTTP Header Spoofing and Validation Bypass Vulnerabilities
Release Date : 2013-08-09
Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status: Vendor Patch
Software: Symfony 2.x
A security issue and a vulnerability have been reported in Symfony, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
1) An error when handling the "collectionCascaded" and "collectionCascadedDeeply" fields during serialisation within the Validator component can be exploited to prevent traversal of certain fields with a @Valid constraint and bypass certain validations.
Successful exploitation of this security issue requires that Symfony\Component\Validator\Mapping\Cache\ApcCache or a cache implementing Symfony\Component\Validator\Mapping\Cache\CacheInterface is enabled.
2) An error when handling the HOST HTTP header within the "Request::getHost()" function (Component/HttpFoundation/Request.php) of the HttpFoundation component can be exploited to spoof the host of a request and e.g. manipulate a password reset link generated for a user.
The security issue and the vulnerability are reported in versions prior to 2.0.24, 2.1.12, 2.2.5, and 2.3.3.
Update to version 2.0.24, 2.1.12, 2.2.5, or 2.3.3.
Provided and/or discovered by:
1) The vendor credits Alexandre Salome.
2) The vendor credits Jordan Alliot.
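For issue 2, an application-side safeguard is to keep an unchecked Host header out of any generated link, such as the password reset link mentioned above. The following is an added example, not Symfony's code or the vendor's patch; the function names `trustedHost` and `resetLink`, the host names and the token are constructed for illustration, and it assumes PHP 7.1 or later.

```php
<?php
// Added example: hypothetical helper names, not part of Symfony.

/**
 * Return the normalised host when it is syntactically valid and on the
 * allowlist, otherwise null. $trusted holds lowercase host names.
 */
function trustedHost(string $hostHeader, array $trusted): ?string
{
    // Drop an optional :port suffix and normalise case.
    $host = strtolower(preg_replace('/:\d+$/D', '', trim($hostHeader)));

    // Letters, digits, dots and hyphens only; anything else is rejected.
    if ($host === '' || !preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/D', $host)) {
        return null;
    }

    return in_array($host, $trusted, true) ? $host : null;
}

/**
 * Build a password reset link. The client-supplied host is used only when
 * it is trusted; otherwise the configured canonical host is used instead.
 */
function resetLink(string $hostHeader, string $token, array $trusted, string $canonical): string
{
    $host = trustedHost($hostHeader, $trusted) ?? $canonical;

    return 'https://' . $host . '/reset?token=' . rawurlencode($token);
}

// Constructed sample values, for illustration only.
$trusted   = ['www.example.com', 'example.com'];
$canonical = 'www.example.com';
$samples   = ['www.example.com', 'Example.com:443', 'other.example.net', 'bad host/value', ''];

foreach ($samples as $hostHeader) {
    // Untrusted or malformed values all fall back to the canonical host.
    printf("%-22s => %s\n", var_export($hostHeader, true),
        resetLink($hostHeader, 'abc123', $trusted, $canonical));
}
```

In a Symfony application, `Request::setTrustedHosts()` restricts accepted hosts in a comparable way.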