Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

References

| Link | Resource |
|---|---|
| http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released | Vendor Advisory | 
History
21 Nov 2024, 01:46

| Type | Values Removed | Values Added |
|---|---|---|
| References | | () http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released - Vendor Advisory |
Information
Published : 2012-12-27 11:47
Updated : 2025-04-11 00:51
NVD link : CVE-2012-6431
Mitre link : CVE-2012-6431
CVE.ORG link : CVE-2012-6431
Products Affected
sensiolabs
- symfony
CWE
CWE-264 Permissions, Privileges, and Access Controls
