Vulnerability in Sensiolabs Symfony
CVE-2015-8125
Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberM…
EPSS: 0.010 (77.4th percentile) — read the EPSS interpretation.
Affected products
- Sensiolabs Symfony — versions 2.3.0, 2.3.1, 2.3.2
- N/a — versions n/a
References
- FEDORA-2015-0efcb5fbc5 (x_refsource_FEDORA, vendor-advisory)
- FEDORA-2015-0b89738311 (x_refsource_FEDORA, vendor-advisory)
- DSA-3402 (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 77692 (vdb-entry, x_refsource_BID)