ID CVE-2013-5750
Summary The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.
References
Vulnerable Configurations
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.0.0:-:-:*:-:symfony:*:*
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.1.0:-:-:*:-:symfony:*:*
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.0:-:-:*:-:symfony:*:*
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.1:-:-:*:-:symfony:*:*
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.3:-:-:*:-:symfony:*:*
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.4:-:-:*:-:symfony:*:*
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.5:-:-:*:-:symfony:*:*
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.3.0:-:-:*:-:symfony:*:*
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.3.1:-:-:*:-:symfony:*:*
  • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.3.2:-:-:*:-:symfony:*:*
CVSS
Base: 5.0 (as of 15-10-2013 - 12:10)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form
Last major update 15-10-2013 - 12:10
Published 25-09-2013 - 10:31
Last modified 15-10-2013 - 12:10