Revision Date: 2018-08-06
Version: 1
Title: CVE-2017-16790 on Ubuntu 18.10 (cosmic) - medium.

Description: An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a "FileType" is sent as normal POST data that could be interpreted as a local file path on the server-side (for example, "file:///etc/passwd"). If the application did not perform any additional checks about the value submitted to the "FileType", the contents of the given file on the server could have been exposed to the attacker.

Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2017-16790
Platform(s): Ubuntu 18.10
Product(s):

Definition Synopsis

Ubuntu 18.10 (cosmic) is installed.
AND Package Information
NOT php-symfony package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-asset package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-browser-kit package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-cache package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-class-loader package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-config package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-console package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-css-selector package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-debug package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-debug-bundle package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-dependency-injection package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-dom-crawler package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-dotenv package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-event-dispatcher package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-expression-language package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-filesystem package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-finder package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-form package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-framework-bundle package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-http-foundation package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-http-kernel package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-inflector package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-intl package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-ldap package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-lock package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-monolog-bridge package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-options-resolver package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-phpunit-bridge package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-process package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-property-access package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-property-info package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-proxy-manager-bridge package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-routing package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-security package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-security-bundle package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-security-core package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-security-csrf package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-security-guard package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-security-http package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-serializer package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-stopwatch package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-templating package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-translation package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-twig-bridge package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-twig-bundle package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-validator package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-var-dumper package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-web-link package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-web-profiler-bundle package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-web-server-bundle package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-workflow package in cosmic, while related to the CVE in some way, is not affected.
OR NOT php-symfony-yaml package in cosmic, while related to the CVE in some way, is not affected.