Vulnerabilities > CVE-2013-5750 - Resource Management Errors vulnerability in Friends of Symfony Project Fosuserbundle

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

friends-of-symfony-project

CWE-399

NVD

Published: 2013-09-25

Updated: 2013-10-15

Summary

The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.

Vulnerable Configurations

Part	Description	Count
Application	Friends_Of_Symfony_Project Friends OF Symfony Project Fosuserbundle 1.0.0 Friends OF Symfony Project Fosuserbundle 1.1.0 Friends OF Symfony Project Fosuserbundle 1.2.0 Friends OF Symfony Project Fosuserbundle 1.2.1 Friends OF Symfony Project Fosuserbundle 1.2.3 Friends OF Symfony Project Fosuserbundle 1.2.4 Friends OF Symfony Project Fosuserbundle 1.2.5 Friends OF Symfony Project Fosuserbundle 1.3.0 Friends OF Symfony Project Fosuserbundle 1.3.1 Friends OF Symfony Project Fosuserbundle 1.3.2	10

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form