Table of contents
- Symfony historical vulnerabilities
  - Searching CVEs on Baidu
  - Batch CVE search (just read this)
- Symfony 2 historical vulnerabilities
Symfony historical vulnerabilities
Searching CVEs on Baidu
CVE-2021-21424: Prevent user enumeration in authentication mechanisms
CVE-2020-15094
Escaping of validation messages in the PHP templating engine (CVE-2019-10909), checking that service IDs are valid (CVE-2019-10910), and the remember-me cookie hash issue (CVE-2019-10911)
CVE-2018-14773
CVE-2015-8125
CVE-2015-4050: ESI unauthorized access
CVE-2015-2308: Esi Code Injection
CVE-2013-1348,CVE-2013-1397
CVE-2012-6432
Batch CVE search (just read this)
The CVE site only lets you look up CVE entries by ID.
Symfony's official security advisories are published under https://symfony.com/blog/; that listing currently has 282 pages, so every CVE advisory page can be collected by iterating over the page parameter.
Be that as it may, looking them up on Baidu one at a time is not lazy at all, and laziness is supposed to be the second productive force.
Scrape the official blog and extract the CVE-related pages:
```python
# -*- coding:utf-8 -*-
import requests
from bs4 import BeautifulSoup

url = "https://symfony.com/blog/?page={}"
cveList = []
for x in range(1, 283):
    if x % 10 == 0:
        print(x)  # progress indicator
    resp = requests.get(url.format(x), timeout=3)
    html = resp.text
    if resp.status_code == 200:
        soup = BeautifulSoup(html, 'lxml')
        aList = soup.find_all('a')
        for a in aList:
            href = a.get('href')
            if not href:  # <a> without href would make "cve" in href raise TypeError
                continue
            # The first pass only extracted 4 records
            # if "cve" in href and "symfony" in href:
            #     print(a, href)
            #     cveList.append(href)
            if "cve" in href:
                # Relative links need the site prefix. Test the start of the string:
                # a substring test ("http" not in href) wrongly skips slugs such as
                # "...-with-cachinghttpclient" and leaves them relative.
                if not href.startswith("http"):
                    href = "https://symfony.com" + href
                # print(a, href)
                if href not in cveList:
                    cveList.append(href)
for x in cveList:
    print(x)
```
The CVE list provided by Symfony's official advisories is as follows; 45 CVE advisories were retrieved.
CVE ID | Advisory URL |
---|---|
cve-2021-32693 | https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one |
cve-2021-21424 | https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms |
cve-2020-15094 | https://symfony.com/blog/cve-2020-15094-prevent-rce-when-calling-untrusted-remote-with-cachinghttpclient |
cve-2020-5275 | https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy |
cve-2020-5255 | https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header |
cve-2020-5274 | https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler |
cve-2019-11325 | https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporte |
cve-2019-18888 | https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser |
cve-2019-18886 | https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality |
cve-2019-18887 | https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner |
cve-2019-18889 | https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances |
cve-2019-10911 | https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash |
cve-2019-10912 | https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized |
cve-2019-10913 | https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides |
cve-2019-10909 | https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine |
cve-2019-10910 | https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid |
cve-2018-19789 | https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path |
cve-2018-19790 | https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http |
cve-2018-14773 | https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers |
cve-2018-14774 | https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache |
cve-2018-11407 | https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password |
cve-2018-11385 | https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication |
cve-2018-11386 | https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler |
cve-2018-11408 | https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers |
cve-2018-11406 | https://symfony.com/blog/cve-2018-11406-csrf-token-fixation |
cve-2017-16653 | https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https |
cve-2017-16652 | https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers |
cve-2017-16654 | https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths |
cve-2017-16790 | https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files |
cve-2017-11365 | https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue |
cve-2016-2403 | https://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password |
cve-2016-4423 | https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session |
cve-2016-1902 | https://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails |
cve-2015-8125 | https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service |
cve-2015-8124 | https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature |
cve-2015-4050 | https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access |
cve-2015-2308 | https://symfony.com/blog/cve-2015-2308-esi-code-injection |
cve-2015-2309 | https://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class |
cve-2014-6072 | https://symfony.com/blog/cve-2014-6072-csrf-vulnerability-in-the-web-profiler |
cve-2014-6061 | https://symfony.com/blog/cve-2014-6061-security-issue-when-parsing-the-authorization-header |
cve-2014-5245 | https://symfony.com/blog/cve-2014-5245-direct-access-of-esi-urls-behind-a-trusted-proxy |
cve-2014-5244 | https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header |
cve-2014-4931 | https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released |
cve-2013-5958 | https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released |
cve-2013-5750 | https://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form |
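The scraper above only collects raw hrefs. The following is an added example, not code from the original post, that post-processes such links: it makes relative links absolute without the substring pitfall, pulls the CVE identifier and year out of the slug (both slug styles seen in the table, `cve-YYYY-NNNN-...` and `security-releases-cve-YYYY-NNNN-...`), deduplicates by CVE ID and lets you filter by year. The sample hrefs are constructed from entries in the table; `BASE`, `parse_advisory` and the other names are this example's own.

```python
# Added example (not from the original post): normalise scraped advisory links
# and extract structured (CVE id, year, URL) records from their slugs.
import re
from urllib.parse import urljoin

BASE = "https://symfony.com/"  # assumption: site root used to resolve relative links

# Constructed sample of hrefs as the scraper would see them on the blog index
SAMPLE_HREFS = [
    "https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one",
    "/blog/cve-2020-15094-prevent-rce-when-calling-untrusted-remote-with-cachinghttpclient",
    "/blog/cve-2020-15094-prevent-rce-when-calling-untrusted-remote-with-cachinghttpclient",  # duplicate
    "https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released",
    "/blog/new-in-symfony-5-3",  # constructed non-advisory link, must be skipped
]

# CVE ids are "cve-<4-digit year>-<4 or more digits>"; matched case-insensitively
CVE_RE = re.compile(r"(cve-\d{4}-\d{4,})", re.IGNORECASE)


def normalise(href):
    """Return an absolute URL. urljoin leaves absolute URLs untouched and
    resolves relative ones, so a slug containing 'http' is handled correctly."""
    return urljoin(BASE, href)


def parse_advisory(href):
    """Return (cve_id, year, url) for an advisory link, or None when the slug
    carries no CVE identifier."""
    m = CVE_RE.search(href)
    if not m:
        return None
    cve_id = m.group(1).upper()
    year = int(cve_id.split("-")[1])
    return cve_id, year, normalise(href)


def collect_advisories(hrefs):
    """Deduplicate by CVE id (first URL seen wins) and sort newest first,
    ordering numerically rather than by string so CVE-2014-10000 would not
    sort before CVE-2014-4931."""
    seen = {}
    for h in hrefs:
        rec = parse_advisory(h)
        if rec and rec[0] not in seen:
            seen[rec[0]] = rec
    return sorted(seen.values(),
                  key=lambda r: (r[1], int(r[0].split("-")[2])),
                  reverse=True)


def advisories_in_years(records, first, last):
    """Keep only records whose CVE year lies in [first, last], e.g. the
    2011-2015 window when narrowing down to a Symfony 2 era release."""
    return [r for r in records if first <= r[1] <= last]


if __name__ == "__main__":
    for cve_id, year, link in collect_advisories(SAMPLE_HREFS):
        print(cve_id, year, link)
```

Feeding `cveList` from the scraper into `collect_advisories` gives one record per CVE with an absolute URL, which is a better starting point than the raw href list when you later need to narrow the advisories down by year.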
Symfony 2 historical vulnerabilities
According to the article 【10月進步一點點】2.認識Symfony, Symfony 2.0 through 2.8 were released between 2011 and 2015. In practice, picking a framework version based on the CVEs alone does not work well.
From the EduSoho FAQ (EduSoho常見問題) I learned that the framework uses the Symfony 2.2 view layer plus an in-house service container, so I chose to install Symfony 2.2.
This round meant reading the English originals.
CVE ID | Affected versions | Vulnerability details |
---|---|---|
cve-2013-5750 | Symfony versions below 2.4 | No limit on login-form password length, leading to DoS |
cve-2013-5958 | All 2.1.x-2.3.x | Related to cve-2013-5750; a .patch file is provided |
cve-2014-4931 | All 2.0.x-2.5.x | Code injection |
cve-2014-5244 | All 2.0.x-2.5.x | DoS caused by a malicious HTTP Host header |