Vulnerability in Symfony Twig
CVE-2001-1537
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
EPSS: 0.011 (61.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Symfony Twig
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ, Broken Link)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID)
- cve@mitre.org (vdb-entry, Broken Link, x_refsource_XF)
Frequently asked questions
- What is CVE-2001-1537?
- CVE-2001-1537 is a high-severity vulnerability in Symfony Twig, classified under Cleartext Storage of Sensitive Information. CVSS score: 7.5/10. Published 2001-12-31.
- How severe is CVE-2001-1537?
- High severity. CVSS v3 base score is 7.5 out of 10.