admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-01 11:11:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-63xx/CVE-2016-6317.json

258 lines
9.5 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2016-6317",
"sourceIdentifier": "secalert@redhat.com",
"published": "2016-09-07T19:28:11.410",
"lastModified": "2019-08-08T15:16:49.297",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155."
},
{
"lang": "es",
"value": "Action Record en Ruby en Rails 4.2.x en versiones anteriores a 4.2.7.1 no considera adecuadamente las diferencias en en el manejo de par\u00e1metros entre el componente Active Record y la implementaci\u00f3n de JSON, lo que permite a atacantes remotos eludir restricciones destinadas a la consulta de base de datos y realizar comprobaciones NULL o desencadenar clausulas perdidas WHERE a trav\u00e9s de un solicitud manipulada, como se demuestra por ciertos valores \"[nil]\", un problema relacionado con CVE-2012-2660, CVE-2012-2694 y CVE-2013-0155."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A68D41F-36A9-4B77-814D-996F4E48FA79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "709A19A5-8FD1-4F9C-A38C-F06242A94D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8104482C-E8F5-40A7-8B27-234FEF725FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2CFF8677-EA00-4F7E-BFF9-272482206DB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8D7DF5CD-DA28-492D-B5EE-D252ECCC8D96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85435026-9855-4BF4-A436-832628B005FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "56C2308F-A590-47B0-9791-7865D189196F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A266882-DABA-4A4C-88E6-60E993EE0947"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F1142C-3BFB-4B72-A033-81E20DB19D02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1FA738A1-227B-4665-B65E-666883FFAE96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6F00718C-A9E8-4E85-8DA6-33BF11F2DCCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10789A2D-6401-4119-BFBE-2EE4C16216D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "70ABD462-7142-4831-8EB6-801EC1D05573"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81D717DB-7C80-48AA-A774-E291D2E75D6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06B357FB-0307-4EFA-9C5B-3C2CDEA48584"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E4BD8840-0F1C-49D3-B843-9CFE64948018"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79D5B492-43F9-470F-BD21-6EFD93E78453"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4EC1F602-D48C-458A-A063-4050BE3BB25F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A1C015-56AD-489C-B301-68CF1DBF1BEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD191625-ACE2-46B6-9AAD-12D682C732C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "02C7DB56-267B-4057-A9BA-36D1E58C6282"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC163D49-691B-4125-A983-6CF6F6D86DEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68B537D1-1584-4D15-9C75-08ED4D45DC3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A19315C-9A9D-45FE-81C8-074744825B98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E3B4233-E117-4E77-A60D-3DFD5073154D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "392CF25B-8400-4185-863F-D6353B664FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3037282A-863A-4C92-A40C-4D436D2621C1"
}
]
}
]
}
],
"references": [
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html",
"source": "secalert@redhat.com"
},
{
"url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/",
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/4",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/92434",
"source": "secalert@redhat.com"
},
{
"url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA",
"source": "secalert@redhat.com"
}
]
}
Reference in New Issue Copy Permalink