National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2018-14773

Change History

Initial Analysis - 10/17/2018 11:32:13 AM

Action Type Old Value New Value
Changed Reference Type
http://www.securityfocus.com/bid/104943 No Types Assigned
http://www.securityfocus.com/bid/104943 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.securitytracker.com/id/1041405 No Types Assigned
http://www.securitytracker.com/id/1041405 Third Party Advisory, VDB Entry
Changed Reference Type
https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b No Types Assigned
https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b Issue Tracking, Patch, Third Party Advisory
Changed Reference Type
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers No Types Assigned
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers Patch, Vendor Advisory
Changed Reference Type
https://www.drupal.org/SA-CORE-2018-005 No Types Assigned
https://www.drupal.org/SA-CORE-2018-005 Patch, Third Party Advisory
Added CWE
CWE-19
Added CVSS V2
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Added CVSS V3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Added CPE Configuration
OR
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (excluding) 2.7.0 up to (including) 2.7.48
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 2.8.0 up to (including) 2.8.43
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 3.3.0 up to (including) 3.3.17
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 3.4.0 up to (including) 3.4.13
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (including) 4.0.13
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 4.1.0 up to (including) 4.1.2