关键漏洞信息 漏洞编号: Bug 880240 (CVE-2012-5574) 漏洞描述: Ability to read arbitrary files on the server, readable with the web server privileges 报告时间: 2012-11-26 14:59 UTC 修改时间: 2019-09-29 12:58 UTC 状态: CLOSED ERRATA 版本影响: Symfony 1.4.20 严重性: low 漏洞详情 漏洞类型: Information disclosure flaw 影响范围: Symfony framework, Open-source PHP web framework 攻击方式: Remote attacker can obtain unauthorized read access to arbitrary system files readable with the privileges of the web server process. 修复与更新 相关更新包: php-symfony-symfony-1.4.20-2.fc18, php-symfony-symfony-1.4.20-2.fc17, php-symfony-symfony-1.4.20-2.fc16, php-symfony-symfony-1.4.20-2.el6 影响版本: Fedora release 16, 17, Fedora EPEL 6 参考链接 1. Symfony Security Release 2. Gentoo Bug 3. Symfony Project Changeset CVE 请求与分配 CVE 请求链接: CVE Request CVE 分配: CVE-2012-5574