Zend Framework < 2.0.8 / 2.1.x < 2.1.4 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9146

Synopsis

The remote host is using a version of Zend Framework that is vulnerable to multiple attack vectors.

Description

Versions of Zend Framework earlier than 2.0.8, or 2.1.x earlier than 2.1.4, are exposed to the following issues:

- A flaw exists that may allow an attacker to carry out an SQL injection attack. The issue is due to 'Zend\Db\Adapter\Platform' not properly sanitizing user-supplied input to the 'quoteValue()' and 'quoteValueList()' methods. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
- A flaw exists in 'Zend\Validate\Csrf', which uses the cryptographically weak 'mt_rand' function to generate CSRF tokens, making them predictable. This may allow a remote attacker to conduct a seed recovery attack to more easily gain access to the application.
- A flaw exists in 'Zend\Mvc'. The issue is triggered during the parsing of query parameters, which may allow a remote attacker to change routing parameters already captured in RouteMatch.

Solution

Upgrade Zend Framework to version 2.1.4 or later. If version 2.1.x is not available, version 2.0.8 is also patched for these vulnerabilities.
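
One way to check a project's composer.lock against the version ranges given above, as an added example that is not part of the plugin or of Zend Framework. It assumes the framework was installed as the monolithic Composer package zendframework/zendframework; the sample lock file is constructed for illustration.

```python
import json
import re

# Assumption: the framework is installed as the monolithic Composer package.
PACKAGE = "zendframework/zendframework"

def classify(version):
    """Return 'affected', 'patched' or 'unknown' for a version string.

    Ranges follow the advisory text literally: earlier than 2.0.8,
    or 2.1.x earlier than 2.1.4.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        # dev branches, release candidates and aliases need manual review
        return "unknown"
    v = tuple(int(part) for part in m.groups())
    if v < (2, 0, 8) or (2, 1, 0) <= v < (2, 1, 4):
        return "affected"
    return "patched"

def audit_lock(lock_text):
    """Return (section, version, status) for each framework entry in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                findings.append((section, version, classify(version)))
    return findings

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "zendframework/zendframework", "version": "2.1.3"},
        {"name": "example/unrelated", "version": "1.0.0"},
    ],
    "packages-dev": [
        {"name": "zendframework/zendframework", "version": "dev-master"},
    ],
})

if __name__ == "__main__":
    for section, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{section}: {PACKAGE} {version} -> {status}")
```

Entries reported as unknown are not fixed-point releases and should be resolved to a concrete version before being treated as patched.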

See Also

http://framework.zend.com

http://framework.zend.com/changelog/2.1.4

http://framework.zend.com/security/advisory/ZF2013-03

http://framework.zend.com/security/advisory/ZF2013-02

http://framework.zend.com/security/advisory/ZF2013-01

Plugin Details

Severity: High

ID: 9146

Family: CGI

Published: 3/15/2016

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:thomas_breuss:zend_framework_integration_zend_framework

Patch Publication Date: 3/14/2013

Vulnerability Publication Date: 3/14/2013

Reference Information

BID: 58530