Vulnerability CVE-2018-14774

Vulnerability Name:

CVE-2018-14774 (CCN-147911)

Assigned:

2018-08-01

Published:

2018-08-01

Updated:

2018-10-17

Summary:

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.

CVSS v3 Severity:

7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2018-14774

Source: XF
Type: UNKNOWN
symfony-cve201814774-header-injection(147911)

Source: CCN
Type: Symfony GIT Repository
[HttpKernel] fix trusted headers management in HttpCache and Inlin

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a

Source: CCN
Type: Symfony blog, August 1, 2018
CVE-2018-14774: Possible host header injection when using HttpCache

Source: CONFIRM
Type: Patch, Third Party Advisory
https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

Vulnerable Configuration:

Configuration 1:

cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 2.7.0 and <= 2.7.48)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 2.8.0 and <= 2.8.43)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 3.3.0 and <= 3.3.17)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 3.4.0 and <= 3.4.13)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 4.0.0 and <= 4.0.13)

OR cpe:/a:sensiolabs:symfony:*:*:*:*:*:*:*:* (Version >= 4.1.0 and <= 4.1.2)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.bionic:def:201814774000	V	CVE-2018-14774 on Ubuntu 18.04 LTS (bionic) - medium.	2018-08-03
oval:com.ubuntu.bionic:def:2018147740000000	V	CVE-2018-14774 on Ubuntu 18.04 LTS (bionic) - medium.	2018-08-03
oval:com.ubuntu.cosmic:def:201814774000	V	CVE-2018-14774 on Ubuntu 18.10 (cosmic) - medium.	2018-08-03
oval:com.ubuntu.xenial:def:2018147740000000	V	CVE-2018-14774 on Ubuntu 16.04 LTS (xenial) - medium.	2018-08-03
oval:com.ubuntu.xenial:def:201814774000	V	CVE-2018-14774 on Ubuntu 16.04 LTS (xenial) - medium.	2018-08-03
oval:com.ubuntu.disco:def:2018147740000000	V	CVE-2018-14774 on Ubuntu 19.04 (disco) - medium.	2018-08-03
oval:com.ubuntu.cosmic:def:2018147740000000	V	CVE-2018-14774 on Ubuntu 18.10 (cosmic) - medium.	2018-08-03

BACK