LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

php-symfony-symfony: information disclosure

Package(s):php-symfony-symfony CVE #(s):CVE-2012-5574
Created:December 6, 2012 Updated:December 12, 2012
Description: From the Red Hat bugzilla:

An information disclosure flaw was found in the way Symfony, a open-source PHP web framework, sanitized certain HTTP POST request values. A remote attacker could use this flaw to obtain (unauthorized) read access to arbitrary system files, readable with the privileges of the web server process.

Alerts:
Fedora FEDORA-2012-19235 2012-12-06
Fedora FEDORA-2012-19195 2012-12-06
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds