Symfony.HTTP.request.header.Security.Bypass

Description

This indicates an attack attempt to exploit a Security Bypass Vulnerability in Symfony.
The vulnerability is due to an error in the vulnerable application when it handles a maliciously crafted request. A remote attacker may be able to exploit this to bypass the security mechanisms of the vulnerable application.

Affected Products

Symfony 2.7.0 to 2.7.48
Symfony 2.8.0 to 2.8.43
Symfony 3.3.0 to 3.3.17
Symfony 3.4.0 to 3.4.13
Symfony 4.0.0 to 4.0.13
Symfony 4.1.0 to 4.1.2

Impact

Security Bypass: Remote attackers can bypass security mechanisms on vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-14 14.633 Default_action:pass:drop
2019-05-16 14.615 Sig Added
2019-04-23 14.598 Sig Added
2019-04-05 14.587 Name:X-Rewrite-URL.HTTP.Request.Header.SQL.Injection:Symfony.HTTP.request.header.Security.Bypass
2019-04-05 14.587 Severity:high:medium
2019-04-04 14.586 Name:Drupal.Symfony.HTTP.request.header.Security.Bypass:X-Rewrite-URL.HTTP.Request.Header.SQL.Injection
2019-04-04 14.586 Severity:low:high