Vulnerability CVE-2016-6317

Vulnerability Name:

CVE-2016-6317 (CCN-116786)

Assigned:

2016-08-11

Published:

2016-08-11

Updated:

2019-08-08

Summary:

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-476
CWE-284

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2016-6317

Source: CCN
Type: RHSA-2016-1855
Moderate: rh-ror42 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:1855

Source: CCN
Type: Ruby on Rails Web site
Ruby on Rails Web site

Source: CONFIRM
Type: Release Notes
http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

Source: CCN
Type: IBM Security Bulletin 1991913 (Endpoint Manager for Security and Compliance)
Multiple vulnerabilities in RubyOnRails affects IBM BigFix Compliance Analytics. (CVE-2016-6316, CVE-2016-6317

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record

Source: BID
Type: UNKNOWN
92434

Source: CCN
Type: BID-92434
Ruby on Rails Active Record CVE-2016-6317 SQL Injection Vulnerability

Source: XF
Type: UNKNOWN
rails-cve20166317-sec-bypass(116786)

Source: CCN
Type: Google Web site
[CVE-2016-6317] Unsafe Query Generation Risk in Active Record

Source: MLIST
Type: UNKNOWN
[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record

Vulnerable Configuration:

Configuration 1:

cpe:/a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.5.2:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.6:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.6:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.7:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.7:rc1:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20166317	V	CVE-2016-6317	2022-05-20
oval:org.opensuse.security:def:55993	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:57108	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:57976	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:57952	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:57902	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:55170	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:55310	P	Security update for sudo (Important)	2021-03-24
oval:org.opensuse.security:def:57559	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:57002	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:55827	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:57833	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:55721	P	Security update for openssh (Critical)	2020-12-01
oval:org.opensuse.security:def:56429	P	Security update for libsoup (Important)	2020-12-01
oval:org.opensuse.security:def:57759	P	libIlmImf-Imf_2_1-21 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56591	P	Security update for openslp (Important)	2020-12-01
oval:org.opensuse.security:def:55147	P	ibus-chewing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57871	P	libxcb-dri2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56386	P	Security update for libcdio (Moderate)	2020-12-01
oval:org.opensuse.security:def:56552	P	Security update for libofx (Important)	2020-12-01
oval:org.opensuse.security:def:57274	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:55548	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:56428	P	Security update for librsvg (Low)	2020-12-01
oval:org.opensuse.security:def:56671	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:57667	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56451	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:56278	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:56829	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:55148	P	icu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56478	P	Security update for wget (Important)	2020-12-01
oval:org.opensuse.security:def:56590	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:80611	P	Security update for the Ruby on Rails stack (Moderate)	2017-10-12
oval:com.ubuntu.cosmic:def:201663170000000	V	CVE-2016-6317 on Ubuntu 18.10 (cosmic) - medium.	2016-09-07
oval:com.ubuntu.artful:def:20166317000	V	CVE-2016-6317 on Ubuntu 17.10 (artful) - untriaged.	2016-09-07
oval:com.ubuntu.trusty:def:20166317000	V	CVE-2016-6317 on Ubuntu 14.04 LTS (trusty) - medium.	2016-09-07
oval:com.ubuntu.bionic:def:201663170000000	V	CVE-2016-6317 on Ubuntu 18.04 LTS (bionic) - medium.	2016-09-07
oval:com.ubuntu.bionic:def:20166317000	V	CVE-2016-6317 on Ubuntu 18.04 LTS (bionic) - medium.	2016-09-07
oval:com.ubuntu.xenial:def:20166317000	V	CVE-2016-6317 on Ubuntu 16.04 LTS (xenial) - medium.	2016-09-07
oval:com.ubuntu.xenial:def:201663170000000	V	CVE-2016-6317 on Ubuntu 16.04 LTS (xenial) - medium.	2016-09-07
oval:com.ubuntu.cosmic:def:20166317000	V	CVE-2016-6317 on Ubuntu 18.10 (cosmic) - medium.	2016-09-07
oval:com.ubuntu.disco:def:201663170000000	V	CVE-2016-6317 on Ubuntu 19.04 (disco) - medium.	2016-09-07
oval:com.ubuntu.precise:def:20166317000	V	CVE-2016-6317 on Ubuntu 12.04 LTS (precise) - untriaged.	2016-09-07

BACK