CVE-2012-6431

Published: Dec 27, 2012Modified: Apr 29, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

Affected (20)

Products: Sensiolabs: Symfony

Sensiolabs

1 product

Symfony

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Sensiolabs Symfony	Version 2.0.0
Sensiolabs Symfony	Version 2.0.10
Sensiolabs Symfony	Version 2.0.11
Sensiolabs Symfony	Version 2.0.12
Sensiolabs Symfony	Version 2.0.13
Sensiolabs Symfony	Version 2.0.14
Sensiolabs Symfony	Version 2.0.15
Sensiolabs Symfony	Version 2.0.16
Sensiolabs Symfony	Version 2.0.17
Sensiolabs Symfony	Version 2.0.18
Sensiolabs Symfony	Version 2.0.19
Sensiolabs Symfony	Version 2.0.1
Sensiolabs Symfony	Version 2.0.2
Sensiolabs Symfony	Version 2.0.3
Sensiolabs Symfony	Version 2.0.4
Sensiolabs Symfony	Version 2.0.5
Sensiolabs Symfony	Version 2.0.6
Sensiolabs Symfony	Version 2.0.7
Sensiolabs Symfony	Version 2.0.8
Sensiolabs Symfony	Version 2.0.9

Related CWEs

CWE-264

References (2)

http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

Source: cve@mitre.org

Vendor Advisory

http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.