Symfony 2 历史漏洞(选择版本的依据)

Posted 南瓜__pumpkin

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Symfony 2 历史漏洞(选择版本的依据)相关的知识,希望对你有一定的参考价值。

文章目录

Symfony 历史漏洞

百度检索CVE

CVE-2021-21424: Prevent user enumeration in authentication mechanisms

CVE-2020-15094

PHP模板引擎的跳脱验证讯息CVE-2019-10909、验证服务ID有效性CVE-2019-10910以及Cookie杂凑的问题CVE-2019-10911

CVE-2018-14773

CVE-2015-8125

CVE-2015-4050: ESI unauthorized access

CVE-2015-2308: Esi Code Injection

CVE-2013-1348,CVE-2013-1397

CVE-2012-6432

批量搜索CVE-看这个就行了

CVE 只能通过 ID 搜索 CVE 漏洞。

Symfony 官网发布的安全公告,位于 https://symfony.com/blog/ 目录下,该目录目前有 282 Pages,可以通过遍历 Page 参数来爬取每一个 CVE 通告页面。

该说不说,百度一个个找一点都不偷懒,要知道偷懒可是第二生产力。

爬取官网公告并提取 CVE 相关页面:

# -*- coding:utf-8 -*-

import requests
from bs4 import BeautifulSoup

url = "https://symfony.com/blog/?page={}"
cveList = []
for x in range(1, 283):
    if x % 10 == 0:
        print(x)
    resp = requests.get(url.format(x), timeout=3)
    html = resp.text
    if resp.status_code == 200:
        soup = BeautifulSoup(html, 'lxml')
        aList = soup.find_all('a')

        for a in aList:
            href = a.get('href')
       
        	# 第一遍只提取到 4 条记录
			# if "cve" in href and "symfony" in href:	
        	#   print(a, href)
        	#   cveList.append(href)
        	
            if "cve" in href:
                if "http" not in href:
                    href = "https://symfony.com" + href
                # print(a, href)
                if href not in cveList:
                    cveList.append(href)   
for x in cveList:
    print(x)

Symfony 官网公告提供的 CVE 列表如下,检索到 45 条 CVE 漏洞公告。

漏洞编号公告地址
cve-2021-32693https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
cve-2021-21424https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms
cve-2020-15094/blog/cve-2020-15094-prevent-rce-when-calling-untrusted-remote-with-cachinghttpclient
cve-2020-5275https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy
cve-2020-5255https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
cve-2020-5274https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler
cve-2019-11325https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporte
cve-2019-18888https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
cve-2019-18886https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality
cve-2019-18887https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
cve-2019-18889https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
cve-2019-10911https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
cve-2019-10912https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
cve-2019-10913https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
cve-2019-10909https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
cve-2019-10910https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
cve-2018-19789https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
cve-2018-19790https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
cve-2018-14773https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
cve-2018-14774https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
cve-2018-11407https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
cve-2018-11385https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
cve-2018-11386https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
cve-2018-11408https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
cve-2018-11406https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
cve-2017-16653https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
cve-2017-16652https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
cve-2017-16654https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
cve-2017-16790https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
cve-2017-11365https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
cve-2016-2403https://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
cve-2016-4423https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
cve-2016-1902https://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails
cve-2015-8125https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service
cve-2015-8124https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
cve-2015-4050https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
cve-2015-2308https://symfony.com/blog/cve-2015-2308-esi-code-injection
cve-2015-2309https://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
cve-2014-6072https://symfony.com/blog/cve-2014-6072-csrf-vulnerability-in-the-web-profiler
cve-2014-6061https://symfony.com/blog/cve-2014-6061-security-issue-when-parsing-the-authorization-header
cve-2014-5245https://symfony.com/blog/cve-2014-5245-direct-access-of-esi-urls-behind-a-trusted-proxy
cve-2014-5244https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header
cve-2014-4931https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released
cve-2013-5958https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released
cve-2013-5750https://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form

Symfony 2 历史漏洞

查看文章 【10月进步一点点】2.认识Symfony , Symfony 2.0 - 2.8 的发布时间是 2011-2015年。 实际效果,根据 CVE 来选择框架版本不好用。

参考 EduSoho常见问题 得知,框架使用Symfony2.2 的视图层 + 自主研发的服务容器框架。所以选择安装 Symfony 2.2。

这波英语原文阅读了。

CVE漏洞编号涉及版本漏洞信息
cve-2013-5750Symfony 2.4 以下版本登录表单密码长度无限制,导致的Dos攻击
cve-2013-5958All 2.1.x-2.3.x与 cve-2013-5750 相关,提供了.patch文件
cve-2014-4931All 2.0.x-2.5.x代码注入
cve-2014-5244All 2.0.x-2.5.xHTTP请求头导致的 Dos攻击
-

以上是关于Symfony 2 历史漏洞(选择版本的依据)的主要内容,如果未能解决你的问题,请参考以下文章

CKEditor 版本探测和爬取历史漏洞(整理文)

Drupal网站管理员们请注意:Symfony漏洞会让你的网站沦陷!

Symfony漏洞让Drupal站点容易受到黑客攻击

从防护角度看Thinkphp历史漏洞

15-java安全——fastjson反序列化的历史版本绕过(开启AutoType功能)

15-java安全——fastjson反序列化的历史版本绕过(开启AutoType功能)