What is CVE-2015-4050?

CVE-2015-4050 is a vulnerability in Sensiolabs Symfony, classified under Improper Access Control. Published 2015-06-02.

Is CVE-2015-4050 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sensiolabs Symfony

CVE-2015-4050

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which…

EPSS: 0.762 (98.9th percentile) — read the EPSS interpretation.

Affected products

Sensiolabs Symfony — versions 2.3.19, 2.3.20, 2.3.21
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
FEDORA-2015-9039 (x_refsource_FEDORA, vendor-advisory)
DSA-3276 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2015-9034 (x_refsource_FEDORA, vendor-advisory)
FEDORA-2015-9025 (x_refsource_FEDORA, vendor-advisory)
74928 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2015-4050?: CVE-2015-4050 is a vulnerability in Sensiolabs Symfony, classified under Improper Access Control. Published 2015-06-02.
Is CVE-2015-4050 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.