CVE STALKER

CVE-2021-41267

CVSS
DESCRIPTION
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted.

HEAT SCORE
25

TWEETS

| DATE | TWEETS | USER |
| --- | --- | --- |
| 2021-11-30 19:41:42 | New post from https://t.co/9KYxtdZjkl (CVE-2021-41267 (symfony)) has been published on https://t.co/jxLaPNYgp1 http://www.sesin.at https://www.sesin.at/2021/11/30/cve-2021-41267-symfony/ | www_sesin_at |
| 2021-11-30 19:41:28 | New post from https://t.co/uXvPWJy6tj (CVE-2021-41267 (symfony)) has been published on https://t.co/nG73r0O6R6 http://www.sesin.at https://www.sesin.at/2021/11/30/cve-2021-41267-symfony/ | WolfgangSesin |
| 2021-11-26 08:30:24 | CVE-2021-41267 Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console ap… https://t.co/t3bHwB7dxx https://twitter.com/i/web/status/1464149424511279108 | eyeTSystems |
| 2021-11-25 01:31:37 | CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request - https://t.co/DNhl6lNuxb #PHP #PHPNews… https://t.co/SWReuQiBtQ http://phpinthenews.com/11716621/cve-2021-41267-webcache-poisoning-via-x-forwarded-prefix-and-sub-request?via=tw https://twitter.com/i/web/status/1463679468459986944 | phpinthenews |
| 2021-11-24 23:20:43 | Let the annals of the day show that CVE-2021-41267... has been granted the moniker Crushed Candiru https://t.co/nggojIMiYd https://nvd.nist.gov/vuln/detail/CVE-2021-41267 | vulnonym |
| 2021-11-24 22:13:10 | Symfony - CVE-2021-41267: https://t.co/T6BZAN9y5F https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q | LinInfoSec |
| 2021-11-24 22:00:43 | CVE-2021-41267 Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console a… https://t.co/Zd55udcVF8 https://twitter.com/i/web/status/1463627203866996737 | VulmonFeeds |
| 2021-11-24 21:42:24 | New post from https://t.co/uXvPWJy6tj (CVE-2021-41267) has been published on https://t.co/6x78U8kTJd http://www.sesin.at https://www.sesin.at/2021/11/24/cve-2021-41267/ | WolfgangSesin |
| 2021-11-24 21:41:50 | New post from https://t.co/9KYxtdZjkl (CVE-2021-41267) has been published on https://t.co/SgMn8hUfjn http://www.sesin.at https://www.sesin.at/2021/11/24/cve-2021-41267/ | www_sesin_at |
| 2021-11-24 20:50:13 | 🚨 NEW: CVE-2021-41267 🚨 Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and c… https://t.co/wJf02VkAfP https://twitter.com/i/web/status/1463610762178580482 | threatintelctr |
| 2021-11-24 20:20:10 | 🚨 NEW: CVE-2021-41267 🚨 Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and c… https://t.co/aZ46CGwK6n https://twitter.com/i/web/status/1463603211865325571 | threatintelctr |
| 2021-11-24 19:51:46 | CVE-2021-41267 Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console ap… https://t.co/J6kTiEdfhh https://twitter.com/i/web/status/1463594556440686597 | CVEnew |
| 2021-11-24 19:20:32 | 🚨 NEW: CVE-2021-41267 🚨 Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and c… https://t.co/BaQvlK0hYh https://twitter.com/i/web/status/1463588112110604302 | threatintelctr |
| 2021-11-24 19:10:26 | CVE-2021-41267 : Symfony/Http-Kernel is the HTTP #kernel component for Symfony, a PHP framework for web and console… https://t.co/OFaruXj9Cf https://twitter.com/i/web/status/1463585059059994630 | CVEreport |
| 2021-11-24 11:20:39 | CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request https://t.co/Bq0mN6cExZ https://t.co/ph3IkcHDMn http://dlvr.it/SD5tBn | websagiles |
| 2021-11-24 09:22:17 | CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request https://t.co/DaugZ20wur #symfony https://symfony.com/blog/cve-2021-41267-webcache-poisoning-via-x-forwarded-prefix-and-sub-request | symfony |