Candidate: CVE-2016-2403
PublicDate: 2017-02-07 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
Description:
 Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass
 authentication by logging in with an empty password and valid username,
 which triggers an unauthenticated bind.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_symfony:
upstream_symfony: released (2.8.6+dfsg-1)
precise_symfony: DNE
precise/esm_symfony: DNE
trusty_symfony: DNE
trusty/esm_symfony: DNE
vivid/stable-phone-overlay_symfony: DNE
vivid/ubuntu-core_symfony: DNE
wily_symfony: ignored (reached end-of-life)
xenial_symfony: not-affected (code not present)
yakkety_symfony: ignored (reached end-of-life)
zesty_symfony: ignored (reached end-of-life)
artful_symfony: ignored (reached end-of-life)
bionic_symfony: not-affected (3.4.6+dfsg-1)
devel_symfony: not-affected (3.4.15+dfsg-2ubuntu4)