CVE-2012-6431
EPSS 0.22%Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Published: 5/17/2022Modified: 12/3/2024
Description
On the Symfony 2.0.x version, there's a security issue that allows access to routes protected by a firewall even when the user is not logged in. Both the Routing component and the Security component uses the path returned by `getPathInfo()` to match a Request. The `getPathInfo()` returns a decoded path, but the Routing component (`Symfony\Component\Routing\Matcher\UrlMatcher`) decodes the path a second time; whereas the Security component, `Symfony\Component\HttpFoundation\RequestMatcher`, does not. This difference causes Symfony 2.0 to be vulnerable to double encoding attacks.
Affected packages (4)
- Packagist/symfony/http-foundation>= 2.0.0, < 2.0.19
- Packagist/symfony/routing>= 2.0.0, < 2.0.19
- Packagist/symfony/security>= 2.0.0, < 2.0.19
- Packagist/symfony/symfony>= 2.0.0, < 2.0.19
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-6431
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml
- WEBhttps://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496
- WEBhttps://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d
- WEBhttps://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released
- WEBhttp://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released