Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sensio Labs Symfony Ldap组件安全漏洞
Vulnerability Description
Sensio Labs Symfony是法国Sensio Labs公司的一套免费的、基于MVC架构的PHP开发框架,它提供常用的功能组件及工具,可用于快速创建复杂的WEB程序。Ldap component是其中的一个轻量级目录访问协议组件。 Sensio Labs Symfony中的Ldap组件存在安全漏洞。远程攻击者可借助有效的用户名和空密码进行登录利用该漏洞绕过身份验证。以下版本受到影响:Sensio Labs Symfony 2.8.37之前的2.8.x版本,3.3.17之前的3.3.x版本,3.4
CVSS Information
N/A
Vulnerability Type
N/A