CVE-2012-6432

Published: Dec 27, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.

Affected (26)

Products: Sensiolabs: Symfony

Sensiolabs

1 product

Symfony

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Sensiolabs Symfony	Version 2.0.0
Sensiolabs Symfony	Version 2.0.10
Sensiolabs Symfony	Version 2.0.11
Sensiolabs Symfony	Version 2.0.12
Sensiolabs Symfony	Version 2.0.13
Sensiolabs Symfony	Version 2.0.14
Sensiolabs Symfony	Version 2.0.15
Sensiolabs Symfony	Version 2.0.16
Sensiolabs Symfony	Version 2.0.17
Sensiolabs Symfony	Version 2.0.18
Sensiolabs Symfony	Version 2.0.19
Sensiolabs Symfony	Version 2.0.1
Sensiolabs Symfony	Version 2.0.20
Sensiolabs Symfony	Version 2.0.2
Sensiolabs Symfony	Version 2.0.3
Sensiolabs Symfony	Version 2.0.4
Sensiolabs Symfony	Version 2.0.5
Sensiolabs Symfony	Version 2.0.6
Sensiolabs Symfony	Version 2.0.7
Sensiolabs Symfony	Version 2.0.8
Sensiolabs Symfony	Version 2.0.9

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Sensiolabs Symfony	Version 2.1.0
Sensiolabs Symfony	Version 2.1.1
Sensiolabs Symfony	Version 2.1.2
Sensiolabs Symfony	Version 2.1.3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Sensiolabs Symfony	Version 2.2 dev

Related CWEs

CWE-264

References (2)

http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

Source: cve@mitre.org

Vendor Advisory

http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.