The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of eZ Publish

vulnerability announcement 29312

eZ Publish Legacy: Cross Site Scripting via DB Handler Error Messages

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting through the database handler error messages of eZ Publish Legacy, in order to run JavaScript code in the context of the web site.
Impacted products: eZ Publish.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 15/05/2019.
Identifiers: VIGILANCE-VUL-29312.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting through the database handler error messages of eZ Publish Legacy, in order to run JavaScript code in the context of the web site.

computer vulnerability note CVE-2018-19790

Symfony: open redirect via Backslashes

Synthesis of the vulnerability

An attacker can use backslashes in a redirect URL handled by Symfony to deceive the user, in order to redirect them to a malicious site.
Impacted products: Debian, eZ Platform, eZ Publish, Fedora, Symfony.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19790, DLA-1707-1, DSA-4441-1, EZSA-2018-010, FEDORA-2018-66547a8c14, FEDORA-2018-6edf04d9d6, FEDORA-2018-84a1f77d89, FEDORA-2018-8c06b6defd, FEDORA-2018-8d3a9bdff1, FEDORA-2018-b38a4dd0c7, VIGILANCE-VUL-27979.

Description of the vulnerability

An attacker can use backslashes in a redirect URL handled by Symfony to deceive the user, in order to redirect them to a malicious site.

computer vulnerability bulletin CVE-2018-19789

Symfony: information disclosure via File Uploads Form Types

Synthesis of the vulnerability

An attacker can bypass access restrictions on data through the file upload form types of Symfony, in order to obtain sensitive information.
Impacted products: Debian, eZ Platform, eZ Publish, Fedora, Symfony.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19789, DLA-1707-1, DSA-4441-1, EZSA-2018-010, FEDORA-2018-66547a8c14, FEDORA-2018-6edf04d9d6, FEDORA-2018-84a1f77d89, FEDORA-2018-8c06b6defd, FEDORA-2018-8d3a9bdff1, FEDORA-2018-b38a4dd0c7, VIGILANCE-VUL-27978.

Description of the vulnerability

An attacker can bypass access restrictions on data through the file upload form types of Symfony, in order to obtain sensitive information.

vulnerability bulletin CVE-2016-1000104 CVE-2016-1000105 CVE-2016-1000107

Web servers: creating client queries via the Proxy header

Synthesis of the vulnerability

An attacker can send a request with a malicious Proxy header to a web service hosting a CGI script that creates web client requests, so that those requests go through the attacker's proxy.
Impacted products: Apache httpd, Tomcat, Mac OS X, Debian, Drupal Core, VNX Operating Environment, VNX Series, eZ Publish, Fedora, HP-UX, QRadar SIEM, Junos Space, NSM Central Manager, NSMXpress, lighttpd, IIS, nginx, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Perl Module ~ not comprehensive, PHP, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, TrendMicro ServerProtect, TYPO3 Core, Ubuntu, Varnish.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 12.
Creation date: 18/07/2016.
Identifiers: 1117414, 1994719, 1994725, 1999671, APPLE-SA-2017-09-25-1, bulletinjul2017, bulletinoct2016, c05324759, CERTFR-2016-AVI-240, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cpujan2018, CVE-2016-1000104, CVE-2016-1000105, CVE-2016-1000107, CVE-2016-1000108, CVE-2016-1000109, CVE-2016-1000110, CVE-2016-1000111, CVE-2016-1000212, CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, DLA-1883-1, DLA-553-1, DLA-568-1, DLA-583-1, DLA-749-1, DRUPAL-SA-CORE-2016-003, DSA-2019-131, DSA-3623-1, DSA-3631-1, DSA-3642-1, EZSA-2016-001, FEDORA-2016-07e9059072, FEDORA-2016-2c324d0670, FEDORA-2016-340e361b90, FEDORA-2016-4094bd4ad6, FEDORA-2016-4e7db3d437, FEDORA-2016-604616dc33, FEDORA-2016-683d0b257b, FEDORA-2016-970edb82d4, FEDORA-2016-9c8cf5912c, FEDORA-2016-9de7253cc7, FEDORA-2016-9fd814a7f2, FEDORA-2016-9fd9bfab9e, FEDORA-2016-a29c65b00f, FEDORA-2016-aef8a45afe, FEDORA-2016-c1b01b9278, FEDORA-2016-df0726ae26, FEDORA-2016-e2c8f5f95a, FEDORA-2016-ea5e284d34, HPSBUX03665, HT207615, HT208144, HT208221, httpoxy, JSA10770, JSA10774, openSUSE-SU-2016:1824-1, openSUSE-SU-2016:2054-1, openSUSE-SU-2016:2055-1, openSUSE-SU-2016:2115-1, openSUSE-SU-2016:2120-1, openSUSE-SU-2016:2252-1, openSUSE-SU-2016:2536-1, openSUSE-SU-2016:3092-1, openSUSE-SU-2016:3157-1, openSUSE-SU-2017:0223-1, RHSA-2016:1420-01, RHSA-2016:1421-01, RHSA-2016:1422-01, RHSA-2016:1538-01, RHSA-2016:1609-01, RHSA-2016:1610-01, RHSA-2016:1611-01, RHSA-2016:1612-01, RHSA-2016:1613-01, RHSA-2016:1624-01, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, RHSA-2016:1635-01, RHSA-2016:1636-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:1978-01, RHSA-2016:2045-01, RHSA-2016:2046-01, SSA:2016-203-02, SSA:2016-358-01, SSA:2016-363-01, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, SUSE-SU-2019:0223-1, USN-3038-1, USN-3045-1, USN-3134-1, USN-3177-1, USN-3177-2, USN-3585-1, VIGILANCE-VUL-20143, VU#797896.

Description of the vulnerability

Most web servers support CGI scripts (PHP, Python, etc.).

According to RFC 3875, when a web server receives a Proxy header, it has to create the HTTP_PROXY environment variable for CGI scripts.

However, this variable is also the one that stores the name of the proxy that web clients have to use. PHP scripts (via Guzzle, Artax, etc.) and Python scripts will thus use the proxy named in the web request for every client request they send during the CGI session.

An attacker can therefore send a request with a malicious Proxy header to a web service hosting a CGI script that creates web client requests, so that those requests go through the attacker's proxy.
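The mechanism above, as an added example (not code from the Vigil@nce bulletin or from any of the listed products): it models the RFC 3875 mapping that turns a client-sent "Proxy" header into HTTP_PROXY, then shows the two mitigations a defender can apply, dropping the header on the server side and refusing HTTP_PROXY in a CGI context on the client-library side. The header value and host names are constructed.

```python
# Added example, not code from the Vigil@nce bulletin or from any listed product.
# It models the RFC 3875 header-to-environment mapping that turns a client-sent
# "Proxy" header into HTTP_PROXY, then shows two mitigations: dropping the header
# on the server side, and ignoring HTTP_PROXY in a CGI context on the client side.
from typing import Dict, Optional

def cgi_meta_variables(headers: Dict[str, str], method: str = "GET") -> Dict[str, str]:
    """RFC 3875 section 4.1.18: each request header becomes HTTP_<NAME>, with the
    name upper-cased and '-' replaced by '_'. REQUEST_METHOD is always set."""
    env = {"REQUEST_METHOD": method}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env

def strip_proxy_header(headers: Dict[str, str]) -> Dict[str, str]:
    """Server-side mitigation: no standard meaning exists for a 'Proxy' request
    header, so drop it (case-insensitively) before building the CGI environment."""
    return {k: v for k, v in headers.items() if k.lower() != "proxy"}

def outbound_proxy(env: Dict[str, str]) -> Optional[str]:
    """Client-library mitigation: pick the proxy for outgoing HTTP requests. When
    REQUEST_METHOD is present the process is a CGI script and HTTP_PROXY may come
    from the request, so only lower-case http_proxy (never derived from a header
    by the RFC 3875 mapping) is honoured there."""
    if "REQUEST_METHOD" in env:
        return env.get("http_proxy")
    return env.get("HTTP_PROXY") or env.get("http_proxy")

# Constructed request headers: the client supplies a Proxy header of its own.
REQUEST_HEADERS = {
    "Host": "www.example.test",
    "Proxy": "client-chosen-proxy.example.test:8080",
}

def demo() -> Dict[str, Optional[str]]:
    """Proxy each configuration would use for the script's outbound requests."""
    unfiltered = cgi_meta_variables(REQUEST_HEADERS)
    filtered = cgi_meta_variables(strip_proxy_header(REQUEST_HEADERS))
    return {
        "unpatched_client": unfiltered.get("HTTP_PROXY"),  # follows the header
        "patched_client": outbound_proxy(unfiltered),      # None: CGI context seen
        "header_stripped": filtered.get("HTTP_PROXY"),     # None: never mapped
    }

if __name__ == "__main__":
    print(demo())
```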

vulnerability note CVE-2015-4050

Symfony: privilege escalation via _controller

Synthesis of the vulnerability

An attacker can use the _controller parameter of Symfony, in order to change the behavior of a web site.
Impacted products: Debian, eZ Publish, Fedora, Symfony.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 27/05/2015.
Identifiers: 14759, CVE-2015-4050, DSA-3276-1, EZSA-2015-002, FEDORA-2015-9025, FEDORA-2015-9034, FEDORA-2015-9039, VIGILANCE-VUL-16994.

Description of the vulnerability

The Symfony product uses the "_controller" parameter (in YAML, XML or PHP route definitions) to choose the controller that handles a route (URL).

However, an attacker can directly pass the "_controller" parameter in a "/_fragment" URL, in order to change the controller. The attacker obtains an HTTP 403 response whose body is generated by the chosen controller.

An attacker can therefore use the _controller parameter of Symfony, in order to change the behavior of a web site.

computer vulnerability alert CVE-2014-2552

eZ Publish BC Collected Information Export: information disclosure

Synthesis of the vulnerability

An attacker can use eZ Publish BC Collected Information Export, in order to obtain sensitive information.
Impacted products: eZ Publish.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/03/2014.
Identifiers: CVE-2014-2552, TWSL2014-004, VIGILANCE-VUL-14476.

Description of the vulnerability

The BC Collected Information Export extension can be installed on eZ Publish. It exports, in CSV format, the data posted by users.

However, an attacker can request the export directly, bypassing the access restrictions on this data.

An attacker can therefore use eZ Publish BC Collected Information Export, in order to obtain sensitive information.