Vulnerability CVE-2017-16652

Vulnerability Name:

CVE-2017-16652 (CCN-145246)

Assigned:

2017-11-17

Published:

2017-11-17

Updated:

2019-03-13

Summary:

An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-601

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2017-16652

Source: CCN
Type: Symfony Web site
Symfony, High Performance PHP Framework for Web Development

Source: XF
Type: UNKNOWN
symfony-cve201716652-open-redirect(145246)

Source: MLIST
Type: Third Party Advisory
[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update

Source: CCN
Type: Symfony blog, November 17, 2017
CVE-2017-16652: Open redirect vulnerability on security handlers

Source: CONFIRM
Type: Vendor Advisory
https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers

Vulnerable Configuration:

Configuration 1:

cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version > 2.7.0 and < 2.7.38)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version > 2.8.0 and < 2.8.31)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version > 3.2.0 and < 3.2.14)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 3.3.0 and < 3.3.13)

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.disco:def:2017166520000000	V	CVE-2017-16652 on Ubuntu 19.04 (disco) - medium.	2018-06-13
oval:com.ubuntu.artful:def:201716652000	V	CVE-2017-16652 on Ubuntu 17.10 (artful) - medium.	2018-06-13
oval:com.ubuntu.cosmic:def:2017166520000000	V	CVE-2017-16652 on Ubuntu 18.10 (cosmic) - medium.	2018-06-13
oval:com.ubuntu.bionic:def:201716652000	V	CVE-2017-16652 on Ubuntu 18.04 LTS (bionic) - medium.	2018-06-13
oval:com.ubuntu.bionic:def:2017166520000000	V	CVE-2017-16652 on Ubuntu 18.04 LTS (bionic) - medium.	2018-06-13
oval:com.ubuntu.cosmic:def:201716652000	V	CVE-2017-16652 on Ubuntu 18.10 (cosmic) - medium.	2018-06-13
oval:com.ubuntu.xenial:def:2017166520000000	V	CVE-2017-16652 on Ubuntu 16.04 LTS (xenial) - medium.	2018-06-13
oval:com.ubuntu.xenial:def:201716652000	V	CVE-2017-16652 on Ubuntu 16.04 LTS (xenial) - medium.	2018-06-13

BACK