Vulnerability details: VCID-zbme-ygft-4qht
Vulnerability ID VCID-zbme-ygft-4qht
Aliases CVE-2018-14773
GHSA-8wgj-6wx8-h5hq
Summary access restriction bypass
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (3)
System Score Found at
epss 0.05014 https://api.first.org/data/v1/epss?cve=CVE-2018-14773
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
cvssv3.1 6.5 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
cvssv3.1 6.5 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
cvssv3.1 6.5 https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
generic_textual MODERATE https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-14773
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2018-14773
cvssv3.1 6.5 https://seclists.org/bugtraq/2019/May/21
generic_textual MODERATE https://seclists.org/bugtraq/2019/May/21
archlinux Medium https://security.archlinux.org/AVG-744
cvssv3.1 6.5 https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
generic_textual MODERATE https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
cvssv3.1 6.5 https://www.debian.org/security/2019/dsa-4441
generic_textual MODERATE https://www.debian.org/security/2019/dsa-4441
cvssv3.1 6.5 https://www.drupal.org/SA-CORE-2018-005
generic_textual MODERATE https://www.drupal.org/SA-CORE-2018-005
cvssv3.1 6.5 http://www.securityfocus.com/bid/104943
generic_textual MODERATE http://www.securityfocus.com/bid/104943
cvssv3.1 6.5 http://www.securitytracker.com/id/1041405
generic_textual MODERATE http://www.securitytracker.com/id/1041405
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14773
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://seclists.org/bugtraq/2019/May/21
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://www.debian.org/security/2019/dsa-4441
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://www.drupal.org/SA-CORE-2018-005
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at http://www.securityfocus.com/bid/104943
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at http://www.securitytracker.com/id/1041405
Exploit Prediction Scoring System (EPSS)
Percentile 0.89236
EPSS Score 0.05014
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T11:54:38.659918+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-744 36.1.3