What is CVE-2018-14773?

CVE-2018-14773 is a vulnerability in N/a. Published 2018-08-03.

Is CVE-2018-14773 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-14773

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header t…

EPSS: 0.581 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

104943 (vdb-entry, x_refsource_BID)
www.drupal.org/SA-CORE-2018-005 (x_refsource_CONFIRM)
[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update (mailing-list, x_refsource_MLIST)
symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers (x_refsource_CONFIRM)
github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b (x_refsource_CONFIRM)
1041405 (vdb-entry, x_refsource_SECTRACK)
DSA-4441 (vendor-advisory, x_refsource_DEBIAN)
20190510 [SECURITY] [DSA 4441-1] symfony security update (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2018-14773?: CVE-2018-14773 is a vulnerability in N/a. Published 2018-08-03.
Is CVE-2018-14773 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.