id: symfony-security-config info: name: Symfony Security Configuration File - Detect author: dahse89 severity: info description: Symfony security configuration file was detected. reference: - https://symfony2-document.readthedocs.io/en/latest/book/security.html - https://symfony.com/doc/current/reference/configuration/security.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 tags: config,exposure,symfony metadata: max-request: 2 http: - method: GET path: - "{{BaseURL}}/config/packages/security.yaml" - "{{BaseURL}}/app/config/security.yml" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "security:" - "firewalls:" - "access_control:" condition: and part: body