UBUNTU-CVE-2015-4050

Source
https://ubuntu.com/security/CVE-2015-4050
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-4050.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-4050
Related
Published
2015-06-02T14:59:00Z
Modified
2025-01-13T10:21:09Z
Summary
[none]
Details

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /fragment.

References

Affected packages

Ubuntu:16.04:LTS / symfony

Package

Name
symfony
Purl
pkg:deb/ubuntu/symfony@2.7.10-0ubuntu2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.10-0ubuntu2

Affected versions

2.*

2.7.1+dfsg-1
2.7.5+dfsg-1
2.7.9+dfsg-1
2.7.9+dfsg-1ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_name": "php-symfony-asset",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-browser-kit",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-class-loader",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-config",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-console",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-css-selector",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-debug",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-debug-bundle",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-dependency-injection",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-doctrine-bridge",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-dom-crawler",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-event-dispatcher",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-expression-language",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-filesystem",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-finder",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-form",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-framework-bundle",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-http-foundation",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-http-kernel",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-intl",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-locale",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-monolog-bridge",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-options-resolver",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-phpunit-bridge",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-process",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-property-access",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-proxy-manager-bridge",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-routing",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-security",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-security-bundle",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-serializer",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-stopwatch",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-swiftmailer-bridge",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-templating",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-translation",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-twig-bridge",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-twig-bundle",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-validator",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-var-dumper",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-web-profiler-bundle",
            "binary_version": "2.7.10-0ubuntu2"
        },
        {
            "binary_name": "php-symfony-yaml",
            "binary_version": "2.7.10-0ubuntu2"
        }
    ]
}

Ubuntu:18.04:LTS / symfony

Package

Name
symfony
Purl
pkg:deb/ubuntu/symfony@3.4.6+dfsg-1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.6+dfsg-1

Affected versions

2.*

2.8.7+dfsg-1.3ubuntu1

3.*

3.4.3+dfsg-1ubuntu4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_name": "php-symfony",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-asset",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-browser-kit",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-cache",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-class-loader",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-config",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-console",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-css-selector",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-debug",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-debug-bundle",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-dependency-injection",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-doctrine-bridge",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-dom-crawler",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-dotenv",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-event-dispatcher",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-expression-language",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-filesystem",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-finder",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-form",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-framework-bundle",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-http-foundation",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-http-kernel",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-inflector",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-intl",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-ldap",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-lock",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-monolog-bridge",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-options-resolver",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-phpunit-bridge",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-process",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-property-access",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-property-info",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-proxy-manager-bridge",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-routing",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-security",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-security-bundle",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-security-core",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-security-csrf",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-security-guard",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-security-http",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-serializer",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-stopwatch",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-templating",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-translation",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-twig-bridge",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-twig-bundle",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-validator",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-var-dumper",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-web-link",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-web-profiler-bundle",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-web-server-bundle",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-workflow",
            "binary_version": "3.4.6+dfsg-1"
        },
        {
            "binary_name": "php-symfony-yaml",
            "binary_version": "3.4.6+dfsg-1"
        }
    ]
}