Vulnerabilities > CVE-2016-4423 - Resource Management Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-3588.NASL |
description | Two vulnerabilities were discovered in Symfony, a PHP framework. - CVE-2016-1902 Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes() or openssl_random_pseudo_bytes() are not available, the output of SecureRandom should not be consider secure. - CVE-2016-4423 Marek Alaksa from Citadelo discovered that it is possible to fill up the session storage space by submitting inexistent large usernames. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 91365 |
published | 2016-05-31 |
reporter | This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/91365 |
title | Debian DSA-3588-1 : symfony - security update |
References
- http://www.debian.org/security/2016/dsa-3588
- http://www.debian.org/security/2016/dsa-3588
- https://github.com/symfony/symfony/pull/18733
- https://github.com/symfony/symfony/pull/18733
- https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
- https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session