{
"id": "CVE-2015-5723",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-06-07T14:06:08.697",
"lastModified": "2016-11-28T19:35:18.967",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code."
},
{
"lang": "es",
"value": "Doctrine Annotations en versiones anteriores a 1.2.7, Cache en versiones anteriores a 1.3.2 y 1.4.x en versiones anteriores a 1.4.2, Common en versiones anteriores a 2.4.3 y 2.5.x en versiones anteriores a 2.5.1, ORM en versiones anteriores a 2.4.8 o 2.5.x en versiones anteriores a 2.5.1, MongoDB ODM en versiones anteriores a 1.0.2 y MongoDB ODM Bundle en versiones anteriores a 3.0.1 utilizan permisos de escritura universal para directorios de cach\u00e9, lo que permite a usuarios locales ejecutar c\u00f3digo PHP arbitrario con privilegios adicionales aprovechando una aplicaci\u00f3n con el umask establecido a 0 y que ejecuta entradas de cach\u00e9 como c\u00f3digo."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2
},
"baseSeverity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend-cache:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.7",
"matchCriteriaId": "67A5BE81-0B49-43A9-B4D3-54FCE0D6AE28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend-cache:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E95FED4-A1B2-4851-AF95-0979121C0A69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend-cache:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC6C748-A52E-47A4-A615-70E59D1D30EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend-cache:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED45A472-B109-44FA-901B-164DF0F4DF40"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.7",
"matchCriteriaId": "8904C198-BB8B-4E8C-80ED-CC4676065781"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED8B959-CE8F-49AA-B998-8598C8F0A6D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "C2A8659A-7A7F-40B9-B60F-71FE4637B016"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "2C887BAC-8EEC-4F3D-B1D8-023B80A3D8B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "75BA49E2-ABC5-4A61-968B-1CAA2FF7A942"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2D4F787-6BE1-4CC6-9A24-00EE601ACCEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E14E6992-D334-465E-ACE9-F0D0DA6FDC05"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:doctrinemongodbbundle:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8FB62B-8DB3-46D9-9636-B877B10061C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.7",
"matchCriteriaId": "1AB7019C-C868-4512-8855-F6ED2AC6A3A7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:common:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.2",
"matchCriteriaId": "F004153E-7D36-4621-96DC-C47522EC1204"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:common:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A88FB2A6-8AE3-46F4-91EB-BD7CAE22A83D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:common:2.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "DF529016-31C4-4948-BA5C-3ED7C3DE062C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:annotations:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.6",
"matchCriteriaId": "520EA826-22BD-496F-9DC9-267C76319B23"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:mongodb-odm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.1",
"matchCriteriaId": "DF62C793-9B7F-4B67-A7AC-CD27F6670B2D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.12.15",
"matchCriteriaId": "F2CA52AF-D551-4CE9-A4CD-F264F702634A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:cache:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "809D06DE-60BB-4697-94E7-CEE067FED890"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:cache:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E592D06-5F25-4015-A780-595130F48055"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctrine-project:cache:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E6EA11-5D22-42C7-A085-28CCF728F4C5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zf-apigility-doctrine:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.2",
"matchCriteriaId": "461C9713-8E45-4642-8D35-F9878F931080"
}
]
}
]
}
],
"references": [
{
"url": "http://framework.zend.com/security/advisory/ZF2015-07",
"source": "cve@mitre.org"
},
{
"url": "http://www.debian.org/security/2015/dsa-3369",
"source": "cve@mitre.org"
},
{
"url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/",
"source": "cve@mitre.org"
}
]
}