cnvd - cnvd-2016-06338

cnvd-2016-06338

Vulnerability from cnvd

Title: Ruby on Rails Active Record SQL注入漏洞（CNVD-2016-06338）

Description:

Ruby on Rails（Rails）是Rails核心团队开发维护的一套基于Ruby语言的开源Web应用框架，它是由大卫-海纳梅尔-韩森从美国37signals公司的项目管理工具Basecamp里分离出来的。Active Record是其中的一个领域模型模式。

Ruby on Rails Active Record 4.2.7.1之前的4.2.x版本中存在SQL注入漏洞。攻击者可利用该漏洞从数据库底层获取敏感信息。

Severity: 高

Patch Name: Ruby on Rails Active Record SQL注入漏洞（CNVD-2016-06338）的补丁

Patch Description:

Ruby on Rails Active Record 4.2.7.1之前的4.2.x版本中存在SQL注入漏洞。攻击者可利用该漏洞从数据库底层获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： http://rubyonrails.org/

Reference: http://www.securityfocus.com/bid/92434

Impacted products

Name
Ruby on Rails Active Record 4.2.*，<4.2.7.1

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92434"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6317"
    }
  },
  "description": "Ruby on Rails\uff08Rails\uff09\u662fRails\u6838\u5fc3\u56e2\u961f\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u5957\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\uff0c\u5b83\u662f\u7531\u5927\u536b-\u6d77\u7eb3\u6885\u5c14-\u97e9\u68ee\u4ece\u7f8e\u56fd37signals\u516c\u53f8\u7684\u9879\u76ee\u7ba1\u7406\u5de5\u5177Basecamp\u91cc\u5206\u79bb\u51fa\u6765\u7684\u3002Active Record\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u9886\u57df\u6a21\u578b\u6a21\u5f0f\u3002\r\n\r\nRuby on Rails Active Record 4.2.7.1\u4e4b\u524d\u76844.2.x\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u6570\u636e\u5e93\u5e95\u5c42\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "joernchen (Phenoelit)",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://rubyonrails.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-06338",
  "openTime": "2016-08-16",
  "patchDescription": "Ruby on Rails\uff08Rails\uff09\u662fRails\u6838\u5fc3\u56e2\u961f\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u5957\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\uff0c\u5b83\u662f\u7531\u5927\u536b-\u6d77\u7eb3\u6885\u5c14-\u97e9\u68ee\u4ece\u7f8e\u56fd37signals\u516c\u53f8\u7684\u9879\u76ee\u7ba1\u7406\u5de5\u5177Basecamp\u91cc\u5206\u79bb\u51fa\u6765\u7684\u3002Active Record\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u9886\u57df\u6a21\u578b\u6a21\u5f0f\u3002\r\n\r\nRuby on Rails Active Record 4.2.7.1\u4e4b\u524d\u76844.2.x\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u6570\u636e\u5e93\u5e95\u5c42\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ruby on Rails Active Record SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2016-06338\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Ruby on Rails Active Record 4.2.*\uff0c\u003c4.2.7.1"
  },
  "referenceLink": "http://www.securityfocus.com/bid/92434",
  "serverity": "\u9ad8",
  "submitTime": "2016-08-16",
  "title": "Ruby on Rails Active Record SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2016-06338\uff09"
}

CVE-2016-6317 (GCVE-0-2016-6317)

Vulnerability from cvelistv5

Published

2016-09-07 19:00

Modified

2024-08-06 01:29

Severity ?

CWE

Summary

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/92434	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2016/08/11/4	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2016-1855.html	vendor-advisory, x_refsource_REDHAT
	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/	x_refsource_CONFIRM
	https://groups.google.com/forum/#%21topic/ruby-security-ann/WccgKSKiPZA	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92434",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92434"
          },
          {
            "name": "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"
          },
          {
            "name": "RHSA-2016:1855",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"
          },
          {
            "name": "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/ruby-security-ann/WccgKSKiPZA"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "92434",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92434"
        },
        {
          "name": "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"
        },
        {
          "name": "RHSA-2016:1855",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"
        },
        {
          "name": "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/forum/#%21topic/ruby-security-ann/WccgKSKiPZA"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92434",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92434"
            },
            {
              "name": "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"
            },
            {
              "name": "RHSA-2016:1855",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"
            },
            {
              "name": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/",
              "refsource": "CONFIRM",
              "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"
            },
            {
              "name": "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record",
              "refsource": "MLIST",
              "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6317",
    "datePublished": "2016-09-07T19:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted