CVE-2020-5255 - Vulnerability Details - OpenCVE

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sensiolabs	Symfony

Configuration 1 [-]

OR	cpe:2.3:a:sensiolabs:symfony::::::::
	cpe:2.3:a:sensiolabs:symfony::::::::

No data.

References

Link	Providers
https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/
https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-03-30T19:30:15

Updated: 2024-08-04T08:22:09.086Z

Reserved: 2020-01-02T00:00:00

Link: CVE-2020-5255

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-30T20:15:19.570

Modified: 2024-11-21T05:33:46.550

Link: CVE-2020-5255

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "symfony", "vendor": "symfony", "versions": [{"status": "affected", "version": ">= 4.4.0 and < 4.4.7"}, {"status": "affected", "version": ">= 5.0.0 and < 5.0.7"}]}], "descriptions": [{"lang": "en", "value": "In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-435", "description": "CWE-435 Improper Interaction Between Multiple Correctly-Behaving Entities", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-09T16:06:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6"}, {"tags": ["x_refsource_MISC"], "url": "https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header"}, {"name": "FEDORA-2020-fade6a8df7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/"}], "source": {"advisory": "GHSA-mcx4-f5f5-4859", "discovery": "UNKNOWN"}, "title": "Prevent cache poisoning via a Response Content-Type header", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5255", "STATE": "PUBLIC", "TITLE": "Prevent cache poisoning via a Response Content-Type header"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "symfony", "version": {"version_data": [{"version_value": ">= 4.4.0 and < 4.4.7"}, {"version_value": ">= 5.0.0 and < 5.0.7"}]}}]}, "vendor_name": "symfony"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-435 Improper Interaction Between Multiple Correctly-Behaving Entities"}]}]}, "references": {"reference_data": [{"name": "https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859", "refsource": "CONFIRM", "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859"}, {"name": "https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6", "refsource": "MISC", "url": "https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6"}, {"name": "https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header", "refsource": "MISC", "url": "https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header"}, {"name": "FEDORA-2020-fade6a8df7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/"}]}, "source": {"advisory": "GHSA-mcx4-f5f5-4859", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:22:09.086Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header"}, {"name": "FEDORA-2020-fade6a8df7", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-5255", "datePublished": "2020-03-30T19:30:15", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-08-04T08:22:09.086Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "matchCriteriaId": "95F04BAB-4B76-4142-B000-67FA0A9F73F4", "versionEndExcluding": "4.4.7", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "matchCriteriaId": "A656BCAC-1974-4E5D-B7E3-4162A6153A4B", "versionEndExcluding": "5.0.7", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7."}, {"lang": "es", "value": "En Symfony en versiones anteriores a las versiones 4.4.7 y 5.0.7, cuando una \"Response\" no contiene un encabezado \"Content-Type\", las versiones afectadas de Symfony pueden retroceder al formato definido en el encabezado \"Accept\" de la petici\u00f3n, conllevando a una posible falta de coincidencia entre el contenido response's y el encabezado \"Content-Type\". Cuando la respuesta es almacenada en cach\u00e9, esto puede impedir el uso del sitio web por otros usuarios. Esto ha sido parcheado en las versiones 4.4.7 y 5.0.7."}], "id": "CVE-2020-5255", "lastModified": "2024-11-21T05:33:46.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-30T20:15:19.570", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-435"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}