Vulnerability CVE-2016-4861

Vulnerability Name:

CVE-2016-4861 (CCN-116919)

Assigned:

2016-09-15

Published:

2016-09-15

Updated:

2018-10-21

Summary:

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.4 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-89

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2016-4861

Source: CCN
Type: JVN#18926672
Zend Framework vulnerable to SQL injection

Source: JVN
Type: Third Party Advisory, VDB Entry
JVN#18926672

Source: JVNDB
Type: Third Party Advisory, VDB Entry
JVNDB-2016-000158

Source: XF
Type: UNKNOWN
zendframework-cve20164861-sql-injection(116919)

Source: CCN
Type: Zend Framework Web site
Zend Framework - Home

Source: CONFIRM
Type: Exploit, Technical Description, Vendor Advisory
https://framework.zend.com/security/advisory/ZF2016-03

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20180628 [SECURITY] [DLA 1403-1] zendframework security update

Source: FEDORA
Type: Third Party Advisory
FEDORA-2016-7f193a0c59

Source: FEDORA
Type: Third Party Advisory
FEDORA-2016-77e5105570

Source: FEDORA
Type: Third Party Advisory
FEDORA-2016-666d95d1d5

Source: GENTOO
Type: UNKNOWN
GLSA-201804-10

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-4861

Vulnerable Configuration:

Configuration 1:

cpe:/o:fedoraproject:fedora:23:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:24:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:25:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:zend:zend_framework:*:*:*:*:*:*:*:* (Version <= 1.12.19)

Configuration CCN 1:

cpe:/a:zend:zend_framework:1.12.19:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.bionic:def:201648610000000	V	CVE-2016-4861 on Ubuntu 18.04 LTS (bionic) - medium.	2017-02-17
oval:com.ubuntu.xenial:def:201648610000000	V	CVE-2016-4861 on Ubuntu 16.04 LTS (xenial) - medium.	2017-02-17
oval:com.ubuntu.artful:def:20164861000	V	CVE-2016-4861 on Ubuntu 17.10 (artful) - medium.	2017-02-16
oval:com.ubuntu.trusty:def:20164861000	V	CVE-2016-4861 on Ubuntu 14.04 LTS (trusty) - medium.	2017-02-16
oval:com.ubuntu.bionic:def:20164861000	V	CVE-2016-4861 on Ubuntu 18.04 LTS (bionic) - medium.	2017-02-16
oval:com.ubuntu.xenial:def:20164861000	V	CVE-2016-4861 on Ubuntu 16.04 LTS (xenial) - medium.	2017-02-16
oval:com.ubuntu.cosmic:def:20164861000	V	CVE-2016-4861 on Ubuntu 18.10 (cosmic) - medium.	2017-02-16
oval:com.ubuntu.cosmic:def:201648610000000	V	CVE-2016-4861 on Ubuntu 18.10 (cosmic) - medium.	2017-02-16
oval:com.ubuntu.precise:def:20164861000	V	CVE-2016-4861 on Ubuntu 12.04 LTS (precise) - medium.	2017-02-16

BACK