gsd - gsd-2016-8580

gsd-2016-8580

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.

Aliases

CVE-2016-8580

Aliases

CVE-2016-8580

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8580",
    "description": "PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.",
    "id": "GSD-2016-8580",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-8580"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8580"
      ],
      "details": "PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.",
      "id": "GSD-2016-8580",
      "modified": "2023-12-13T01:21:22.466194Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-8580",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities",
            "refsource": "CONFIRM",
            "url": "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities"
          },
          {
            "name": "40682",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40682/"
          },
          {
            "name": "93864",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93864"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:alienvault:open_source_security_information_and_event_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-8580"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities"
            },
            {
              "name": "93864",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93864"
            },
            {
              "name": "40682",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/40682/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-09-03T01:29Z",
      "publishedDate": "2016-10-28T15:59Z"
    }
  }
}

CVE-2016-8580 (GCVE-0-2016-8580)

Vulnerability from cvelistv5

Published

2016-10-28 15:00

Modified

2024-08-06 02:27

Severity ?

CWE

Summary

References

URL

Tags

	https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/40682/	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/93864	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website