Zend Framework < 2.0.8 / 2.1.x < 2.1.4 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9146

Synopsis

The remote host is using a version of Zend Framework that is vulnerable to multiple attack vectors.

Description

Versions of Zend Framework earlier than 2.0.8, or 2.1.x earlier than 2.1.4, are exposed to the following issues:

- A flaw exists that may allow an attacker to carry out an SQL injection attack. The issue is due to 'Zend\Db\Adapter\Platform' not properly sanitizing user-supplied input to the 'quoteValue()' and 'quoteValueList()' methods. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 91478)
- A flaw exists in 'Zend\Validate\Csrf', which uses the cryptographically weak 'mt_rand' function to generate CSRF tokens, making them predictable. This may allow a remote attacker to conduct a seed recovery attack to more easily gain access to the application. (OSVDB 91479)
- A flaw exists in 'Zend\Mvc'. The issue is triggered during the parsing of query parameters, which may allow a remote attacker to change routing parameters already captured in RouteMatch. (OSVDB 91480)

Solution

Upgrade Zend Framework to version 2.1.4 or later. If version 2.1.x is not available, version 2.0.8 is also patched for these vulnerabilities.
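
To confirm which installs fall inside the affected ranges above, the following added example (not part of the plugin or of Zend Framework) checks the version pinned in a composer.lock file. It assumes the framework was installed as the monolithic Composer package zendframework/zendframework and treats any pre-release suffix as older than the final release; the sample lock file is constructed.

```python
import json
import re

# Fixed releases named on this page; the trailing 1 marks a final (non pre-release) build.
FIXED_2_0 = (2, 0, 8, 1)
FIXED_2_1 = (2, 1, 4, 1)
# Assumption: the framework was installed as the monolithic Composer package.
PACKAGE = "zendframework/zendframework"

def version_key(text):
    """Map '2.1.3', 'v2.0.7' or '2.1.4-rc1' to a sortable tuple; None if not numeric."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(.*)", text.strip())
    if not m:
        return None  # e.g. 'dev-master': cannot be compared, needs manual review
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    # Assumption: any suffix (rc, beta, dev) sorts before the final release.
    return (major, minor, patch, 0 if m.group(4) else 1)

def is_affected(text):
    """True/False per the page's ranges (< 2.0.8, or 2.1.x < 2.1.4); None if unknown."""
    key = version_key(text)
    if key is None:
        return None
    if key[:2] == (2, 1):
        return key < FIXED_2_1
    return key < FIXED_2_0

def scan_lock(lock_text):
    """Return [(version, verdict)] for each Zend Framework entry in a composer.lock."""
    lock = json.loads(lock_text)
    # Older lock files may store null instead of an empty list.
    entries = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    return [(p["version"], is_affected(p["version"]))
            for p in entries if p.get("name") == PACKAGE]

# Constructed sample lock file, trimmed to the fields the scan reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "zendframework/zendframework", "version": "2.1.3"},
        {"name": "monolog/monolog", "version": "1.4.0"},
    ],
    "packages-dev": None,
})

if __name__ == "__main__":
    for version, verdict in scan_lock(SAMPLE_LOCK):
        print(version, {True: "AFFECTED", False: "ok", None: "review"}[verdict])
```

A verdict of None (for example a branch alias such as dev-master) means the pinned version cannot be compared and should be checked by hand.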

See Also

http://framework.zend.com

http://framework.zend.com/changelog/2.1.4

http://framework.zend.com/security/advisory/ZF2013-03

http://framework.zend.com/security/advisory/ZF2013-02

http://framework.zend.com/security/advisory/ZF2013-01

Plugin Details

Severity: High

ID: 9146

File Name: 9146.prm

Family: CGI

Published: 2016/03/15

Modified: 2016/03/15

Dependencies: 9135

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:thomas_breuss:zend_framework_integration_zend_framework

Patch Publication Date: 2013/03/14

Vulnerability Publication Date: 2013/03/14

Reference Information

BID: 58530