| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| CVE-2011-1939 | 19 May 2011 00:00 | – | circl | |
| CVE-2011-1939 | 26 Nov 2019 21:17 | – | cve | |
| CVE-2011-1939 | 26 Nov 2019 21:17 | – | cvelist | |
| EUVD-2011-1937 | 7 Oct 2025 00:30 | – | euvd | |
| Zend Framework: SQL injection | 4 Aug 2014 00:00 | – | gentoo | |
| CVE-2011-1939 | 26 Nov 2019 22:15 | – | nvd | |
| Gentoo Security Advisory GLSA 201408-01 | 29 Sep 2015 00:00 | – | openvas | |
| Sql injection | 26 Nov 2019 22:15 | – | prion | |
| CVE-2011-1939 | 26 Nov 2019 22:15 | – | ubuntucve | |
| Source | Link |
|---|---|
| security | www.security.gentoo.org/glsa/201408-01 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201408-01.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase: when the scanner loads the plugin with `description`
# set, this block only records metadata (IDs, advisory text, scoring,
# required KB keys) and then leaves through exit(0) at the end of the block,
# so none of the package-check code below it runs in this phase.
#
# Scope of the finding: per script_summary, detection is a comparison of the
# installed package version recorded in /var/db/pkg. The advisory text ties
# the flaw to non-ASCII-compatible encodings used with the PHP MySQL PDO
# driver; nothing registered here inspects application configuration, so a
# hit means "unpatched package present", not "confirmed injectable".
if (description)
{
# Plugin identity and cross-references (CVE, Bugtraq ID, Gentoo advisory).
script_id(76996);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2011-1939");
script_bugtraq_id(47919);
script_xref(name:"GLSA", value:"201408-01");
script_name(english:"GLSA-201408-01 : Zend Framework: SQL injection");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
# Synopsis and description are multi-line string literals; per the file
# header they were extracted from GLSA 201408-01.
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201408-01
(Zend Framework: SQL injection)
Developers using non-ASCII-compatible encodings in conjunction with the
MySQL PDO driver of PHP may be vulnerable to SQL injection attacks.
Impact :
A remote attacker could use specially crafted input to execute arbitrary
SQL statements.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201408-01"
);
# Remediation text. The two lines starting with '#' inside this string are
# part of the literal (root shell prompts for the emerge commands), not NASL
# comments. The fixed version named here, 1.11.6, is the same threshold the
# package check uses.
script_set_attribute(
attribute:"solution",
value:
"All ZendFramework users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-php/ZendFramework-1.11.6'
NOTE: This is a legacy GLSA. Updates for all affected architectures have
been
available since 2011-06-07. It is likely that your system is already
updated
to no longer be affected by this issue."
);
# Severity scoring. The base vectors rate the underlying flaw as reachable
# over the network without authentication (AV:N, Au:N / PR:N); the temporal
# vectors record an official fix (RL:OF / RL:O) and no proven exploit
# (CVSS2 E:U), consistent with the exploitability attributes below. These
# scores describe the vulnerability, not how this plugin detects it
# (plugin_type is "local").
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:X/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ZendFramework");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
# NOTE(review): vuln_publication_date (2019/11/26) is later than both
# patch_publication_date (2014/08/04) and the 2011-06-07 fix availability
# quoted in the solution text. It presumably reflects when the CVE record
# was published rather than when the flaw was disclosed - confirm before
# using it to compute exposure windows or patch-latency metrics.
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/26");
script_set_attribute(attribute:"patch_publication_date", value:"2014/08/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/05");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# Scheduling: information-gathering category, Gentoo local-checks family.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Gentoo Local Security Checks");
# The plugin is declared to run after ssh_get_info.nasl and to need the three
# KB keys below (local checks enabled, Gentoo release, qpkg package list).
# Presumably ssh_get_info.nasl is what fills them in from an authenticated
# session - verify. Without credentialed access the check cannot produce a
# result, which is not the same as the host being patched.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
# Registration is complete; stop here.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions: stop with the matching audit trail entry unless local
# (credentialed) checks are enabled, the host was identified as Gentoo, and a
# qpkg package list was stored in the KB. An audit result from this section
# means "could not assess", not "not vulnerable".
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release"))
  audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Version comparison only: dev-php/ZendFramework below 1.11.6 is treated as
# vulnerable, 1.11.6 or later as unaffected. No application configuration is
# examined here.
affected = qpkg_check(
  package:"dev-php/ZendFramework",
  unaffected:make_list("ge 1.11.6"),
  vulnerable:make_list("lt 1.11.6")
);

if (!affected)
{
  # No vulnerable version matched. Distinguish "package examined and found
  # unaffected" from "nothing was examined" so the audit trail shows which.
  # NOTE(review): qpkg_tests_get() presumably returns the packages the qpkg
  # helpers actually looked at - confirm against qpkg.inc.
  checked = qpkg_tests_get();
  if (checked)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "Zend Framework");
}
else
{
  # Vulnerable version present: raise the finding on port 0, attaching the
  # qpkg report text when the scan's report verbosity is above zero.
  if (report_verbosity > 0)
    security_hole(port:0, extra:qpkg_report_get());
  else
    security_hole(0);
  exit(0);
}