Denial of Service Vulnerability in Symfony's HttpFoundation Component

Denial of Service Vulnerability in Symfony's HttpFoundation Component

CVE-2018-11386 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.

Learn more about our Web Application Penetration Testing UK.