CVE-2014-6061: 
PHP vulnerability analysis and mitigation

CVE-2014-6061 affects the Symfony HttpFoundation component's handling of HTTP Authorization headers. The vulnerability was disclosed on September 3, 2014, and impacts all 2.0.X through 2.5.X versions of the Symfony HttpFoundation component. The issue was fixed in versions 2.3.19, 2.4.9, and 2.5.4, though no fixes were provided for versions 2.0-2.2 as they were no longer maintained (Symfony Blog).

The vulnerability stems from improper parsing of the Authorization header in HTTP basic or digest authentication scenarios. When an application uses HTTP basic or digest authentication, Symfony does not parse the Authorization header in compliance with HTTP specifications, which could potentially be exploited in certain server configurations (Symfony Blog). The vulnerability has a CVSS v3 base score of 5.3 (Moderate), with attack vector being Network, attack complexity Low, and no privileges or user interaction required (GitHub Advisory).

While the full extent of potential exploitation was not demonstrated, the vulnerability could affect applications using HTTP basic or digest authentication. The impact primarily concerns the integrity of the authentication process, though no successful exploits were reported in the wild (Symfony Blog).

Users should upgrade to the fixed versions: Symfony 2.3.19, 2.4.9, or 2.5.4. Users of versions 2.0, 2.1, and 2.2 must upgrade to a supported version as no security fixes were provided for these legacy versions. The fix involves correcting the Authorization header parsing to comply with HTTP specifications (Symfony Blog).