Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2016-767
HistoryNov 18, 2016 - 12:30 p.m.

Medium: php-ZendFramework

2016-11-1812:30:00
alas.aws.amazon.com
20

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.014

Percentile

86.6%

JSON

Issue Overview:

The implementation of ORDER BY and GROUP BY in Zend_Db_Select was discovered to be vulnerable to SQL injection.

Affected Packages:

php-ZendFramework

Issue Correction:
Run yum update php-ZendFramework to update your system.

New Packages:

noarch:  
    php-ZendFramework-Db-Adapter-Pdo-Pgsql-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Feed-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Services-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Captcha-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Cache-Backend-Memcached-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-full-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Db-Adapter-Pdo-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Auth-Adapter-Ldap-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Cache-Backend-Apc-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-extras-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Cache-Backend-Libmemcached-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Dojo-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-demos-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Pdf-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Soap-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Db-Adapter-Mysqli-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Search-Lucene-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Ldap-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Serializer-Adapter-Igbinary-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Db-Adapter-Pdo-Mysql-1.12.20-1.12.amzn1.noarch  
    php-ZendFramework-Db-Adapter-Pdo-Mssql-1.12.20-1.12.amzn1.noarch  
  
src:  
    php-ZendFramework-1.12.20-1.12.amzn1.src

Additional References

Red Hat: CVE-2016-4861, CVE-2016-6233

Mitre: CVE-2016-4861, CVE-2016-6233

OSVersionArchitecturePackageVersionFilename
Amazon Linux1noarchphp-zendframework-db-adapter-pdo-pgsql< 1.12.20-1.12.amzn1php-ZendFramework-Db-Adapter-Pdo-Pgsql-1.12.20-1.12.amzn1.noarch.rpm
Amazon Linux1noarchphp-zendframework-feed< 1.12.20-1.12.amzn1php-ZendFramework-Feed-1.12.20-1.12.amzn1.noarch.rpm
Amazon Linux1noarchphp-zendframework-services< 1.12.20-1.12.amzn1php-ZendFramework-Services-1.12.20-1.12.amzn1.noarch.rpm
Amazon Linux1noarchphp-zendframework-captcha< 1.12.20-1.12.amzn1php-ZendFramework-Captcha-1.12.20-1.12.amzn1.noarch.rpm
Amazon Linux1noarchphp-zendframework-cache-backend-memcached< 1.12.20-1.12.amzn1php-ZendFramework-Cache-Backend-Memcached-1.12.20-1.12.amzn1.noarch.rpm
Amazon Linux1noarchphp-zendframework-full< 1.12.20-1.12.amzn1php-ZendFramework-full-1.12.20-1.12.amzn1.noarch.rpm
Amazon Linux1noarchphp-zendframework-db-adapter-pdo< 1.12.20-1.12.amzn1php-ZendFramework-Db-Adapter-Pdo-1.12.20-1.12.amzn1.noarch.rpm
Amazon Linux1noarchphp-zendframework-auth-adapter-ldap< 1.12.20-1.12.amzn1php-ZendFramework-Auth-Adapter-Ldap-1.12.20-1.12.amzn1.noarch.rpm
Amazon Linux1noarchphp-zendframework-cache-backend-apc< 1.12.20-1.12.amzn1php-ZendFramework-Cache-Backend-Apc-1.12.20-1.12.amzn1.noarch.rpm
Amazon Linux1noarchphp-zendframework-extras< 1.12.20-1.12.amzn1php-ZendFramework-extras-1.12.20-1.12.amzn1.noarch.rpm
Rows per page:
1-10 of 221

Related

openvas 7
nessus 7
fedora 3
gentoo 1
cvelist 2
mageia 2
prion 2
osv 4
cve 2
nvd 2
veracode 1
ubuntucve 2
f5 2
friendsofphp 1
github 2
debian 2
jvn 1
openvas
openvas
Fedora Update for php-ZendFramework FEDORA-2016-666d95d1d5
2016-12-07 00:00:00
Fedora Update for php-ZendFramework FEDORA-2016-7f193a0c59
2016-11-14 00:00:00
Fedora Update for php-ZendFramework FEDORA-2016-77e5105570
2016-11-14 00:00:00
nessus
nessus
Amazon Linux AMI : php-ZendFramework (ALAS-2016-767)
2016-11-21 00:00:00
Fedora 24 : php-ZendFramework (2016-7f193a0c59)
2016-10-10 00:00:00
Fedora 23 : php-ZendFramework (2016-77e5105570)
2016-10-10 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: php-ZendFramework-1.12.20-1.fc25
2016-10-09 03:26:26
[SECURITY] Fedora 24 Update: php-ZendFramework-1.12.20-1.fc24
2016-10-09 06:28:49
[SECURITY] Fedora 23 Update: php-ZendFramework-1.12.20-1.fc23
2016-10-09 09:29:08
gentoo
gentoo
Zend Framework: Multiple vulnerabilities
2018-04-09 00:00:00
cvelist
cvelist
CVE-2016-6233
2017-02-16 18:00:00
CVE-2016-4861
2017-02-16 18:00:00
mageia
mageia
Updated php-ZendFramework packages fix security vulnerability
2016-08-03 13:57:01
Updated php-ZendFramework packages fix security vulnerability
2016-10-21 17:48:32
prion
prion
Sql injection
2017-02-17 02:59:00
Sql injection
2017-02-17 02:59:00
osv
osv
Zend Framework Allows SQL Injection
2022-05-14 02:19:45
zendframework - security update
2018-06-28 00:00:00
Zend Framework Allows SQL Injection
2022-05-14 02:19:45
cve
cve
CVE-2016-6233
2017-02-17 02:59:13
CVE-2016-4861
2017-02-17 02:59:13
nvd
nvd
CVE-2016-6233
2017-02-17 02:59:13
CVE-2016-4861
2017-02-17 02:59:13
veracode
veracode
SQL Injection
2017-07-25 22:08:22
ubuntucve
ubuntucve
CVE-2016-6233
2017-02-17 00:00:00
CVE-2016-4861
2017-02-17 00:00:00
f5
f5
K10280318 : Zend Framework vulnerability CVE-2016-6233
2016-09-20 00:00:00
SOL10280318 - Zend Framework vulnerability CVE-2016-6233
2016-09-20 00:00:00
friendsofphp
friendsofphp
Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select
2016-07-06 17:01:58
github
github
Zend Framework Allows SQL Injection
2022-05-14 02:19:45
Zend Framework Allows SQL Injection
2022-05-14 02:19:45
debian
debian
[SECURITY] [DLA 1403-1] zendframework security update
2018-06-28 20:05:16
[SECURITY] [DLA 646-1] zendframework security update
2016-10-05 20:44:09
jvn
jvn
JVN#18926672: Zend Framework vulnerable to SQL injection
2016-09-15 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.014

Percentile

86.6%

JSON
Related for ALAS-2016-767
openvas7nessus7fedora3gentoo1cvelist2mageia2prion2osv4cve2nvd2veracode1ubuntucve2f52friendsofphp1github2debian2jvn1