CVE-2016-2403

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-2403
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2403.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2403
Aliases
Downstream
Published
2017-02-07T17:59:00.303Z
Modified
2026-04-11T15:23:22.497486Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.

References

Affected packages

Git / github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5615b92cd452cd54f1433a3f53de87c096a1107f
Last affected
8956ed50a44c5c4e02f2176c0773e24487477b09
Last affected
f3e6a82bcbea4db3b56df08e491e20a1faae82b5
Last affected
7a9a5fce7ce6e448e527f635463dda00761e12c2
Last affected
9e14f9f4869c19188a376eab61d9a1c1f1fee347
Last affected
39ddd2383f4113cf67f8b28cde2c9d3fa340c3c2
Last affected
eb2a4f5f7a09fc4ce7a74ae883a8cf8a279614f5
Last affected
979d7323716fec847508eac3e62d59b117612a6e
Last affected
18c3d4f356931a5b6a4afb0cc679a2c58931c795
Last affected
09ae53562ce8b7842206efa217ec81442975f055
Last affected
4e17cb2ecb3fd637097ebeb871fc0e2cbdd5e7ff
Last affected
10c83b58fbb42be516377de54962a758695ad964
Database specific 
{
    "cpe": [
        "cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.0"
        },
        {
            "last_affected": "2.8.1"
        },
        {
            "last_affected": "2.8.2"
        },
        {
            "last_affected": "2.8.3"
        },
        {
            "last_affected": "2.8.4"
        },
        {
            "last_affected": "2.8.5"
        },
        {
            "last_affected": "3.0.0"
        },
        {
            "last_affected": "3.0.1"
        },
        {
            "last_affected": "3.0.2"
        },
        {
            "last_affected": "3.0.3"
        },
        {
            "last_affected": "3.0.4"
        },
        {
            "last_affected": "3.0.5"
        }
    ]
}

Affected versions

v2.*
v2.0.0
v2.0.0-RC1
v2.0.0-RC2
v2.0.0-RC3
v2.0.0-RC4
v2.0.0-RC5
v2.0.0-RC6
v2.0.0BETA1
v2.0.0BETA2
v2.0.0BETA3
v2.0.0BETA4
v2.0.0BETA5
v2.0.0PR8
v2.1.0
v2.1.0-BETA1
v2.1.0-BETA2
v2.1.0-BETA3
v2.1.0-BETA4
v2.1.0-RC1
v2.1.0-RC2
v2.2.0-BETA1
v2.2.0-BETA2
v2.3.0-BETA1
v2.3.0-BETA2
v2.4.0-BETA1
v2.4.0-BETA2
v2.5.0-BETA1
v2.5.0-BETA2
v2.6.0-BETA1
v2.8.0
v2.8.0-BETA1
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v3.*
v3.0.0
v3.0.0-BETA1
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
Other
vPR3
vPR4
vPR5
vPR6
vPR8
vPR9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2403.json"