CVE-2016-2403

Source
https://cve.org/CVERecord?id=CVE-2016-2403
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2403.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2403
Aliases
Downstream
Published
2017-02-07T17:59:00.303Z
Modified
2026-07-08T22:45:25.873740Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.

References

Affected packages

Git / github.com/symfony/security-http

Affected ranges

Type
GIT
Repo
https://github.com/symfony/security-http
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": [
        "cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.8.0"
        },
        {
            "last_affected": "2.8.0"
        },
        {
            "introduced": "2.8.1"
        },
        {
            "last_affected": "2.8.1"
        },
        {
            "introduced": "2.8.2"
        },
        {
            "last_affected": "2.8.2"
        },
        {
            "introduced": "2.8.3"
        },
        {
            "last_affected": "2.8.3"
        },
        {
            "introduced": "2.8.4"
        },
        {
            "last_affected": "2.8.4"
        },
        {
            "introduced": "2.8.5"
        },
        {
            "last_affected": "2.8.5"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.0.0"
        },
        {
            "introduced": "3.0.1"
        },
        {
            "last_affected": "3.0.1"
        },
        {
            "introduced": "3.0.2"
        },
        {
            "last_affected": "3.0.2"
        },
        {
            "introduced": "3.0.3"
        },
        {
            "last_affected": "3.0.3"
        },
        {
            "introduced": "3.0.4"
        },
        {
            "last_affected": "3.0.4"
        },
        {
            "introduced": "3.0.5"
        },
        {
            "last_affected": "3.0.5"
        }
    ]
}

Affected versions

2.*
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
3.*
3.0.0
3.0.1
3.0.2
3.0.4
3.0.5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2403.json"

Git / github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": [
        "cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.8.0"
        },
        {
            "last_affected": "2.8.0"
        },
        {
            "introduced": "2.8.1"
        },
        {
            "last_affected": "2.8.1"
        },
        {
            "introduced": "2.8.2"
        },
        {
            "last_affected": "2.8.2"
        },
        {
            "introduced": "2.8.3"
        },
        {
            "last_affected": "2.8.3"
        },
        {
            "introduced": "2.8.4"
        },
        {
            "last_affected": "2.8.4"
        },
        {
            "introduced": "2.8.5"
        },
        {
            "last_affected": "2.8.5"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.0.0"
        },
        {
            "introduced": "3.0.1"
        },
        {
            "last_affected": "3.0.1"
        },
        {
            "introduced": "3.0.2"
        },
        {
            "last_affected": "3.0.2"
        },
        {
            "introduced": "3.0.3"
        },
        {
            "last_affected": "3.0.3"
        },
        {
            "introduced": "3.0.4"
        },
        {
            "last_affected": "3.0.4"
        },
        {
            "introduced": "3.0.5"
        },
        {
            "last_affected": "3.0.5"
        }
    ]
}

Affected versions

2.*
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2403.json"