CVE Vulnerability

CVE-2021-41267

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q Patch Third Party Advisory
https://github.com/symfony/symfony/releases/tag/v5.3.12 Release Notes Third Party Advisory
https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 Patch Third Party Advisory
https://github.com/symfony/symfony/pull/44243 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Information

Published : 2021-11-24 07:15

Updated : 2021-11-30 06:52

NVD link : CVE-2021-41267

Mitre link : CVE-2021-41267

Products Affected
No products.
CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')