Vulnerability CVE-2017-18343

Vulnerability Name:

CVE-2017-18343

Assigned:

2018-07-19

Published:

2018-07-19

Updated:

2018-09-18

Summary:

** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI.
Note: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use.
Note: the Symfony Debug component is used by Laravel Debugbar.

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

References:

Source: MITRE
Type: CNA
CVE-2017-18343

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/barryvdh/laravel-debugbar/issues/850

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/symfony/symfony/issues/27987

Source: MISC
Type: Third Party Advisory
https://github.com/symfony/symfony/pull/23684

Vulnerable Configuration:

Configuration 1:

cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version < 2.7.33)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 2.8.0 and < 2.8.26)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 3.0.0 and < 3.2.13)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 3.3.0 and < 3.3.6)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.disco:def:2017183430000000	V	CVE-2017-18343 on Ubuntu 19.04 (disco) - medium.	2018-07-20
oval:com.ubuntu.bionic:def:2017183430000000	V	CVE-2017-18343 on Ubuntu 18.04 LTS (bionic) - medium.	2018-07-20
oval:com.ubuntu.xenial:def:2017183430000000	V	CVE-2017-18343 on Ubuntu 16.04 LTS (xenial) - medium.	2018-07-20
oval:com.ubuntu.artful:def:201718343000	V	CVE-2017-18343 on Ubuntu 17.10 (artful) - medium.	2018-07-19
oval:com.ubuntu.cosmic:def:2017183430000000	V	CVE-2017-18343 on Ubuntu 18.10 (cosmic) - medium.	2018-07-19
oval:com.ubuntu.bionic:def:201718343000	V	CVE-2017-18343 on Ubuntu 18.04 LTS (bionic) - medium.	2018-07-19
oval:com.ubuntu.cosmic:def:201718343000	V	CVE-2017-18343 on Ubuntu 18.10 (cosmic) - medium.	2018-07-19
oval:com.ubuntu.xenial:def:201718343000	V	CVE-2017-18343 on Ubuntu 16.04 LTS (xenial) - medium.	2018-07-19

BACK