CVSS2
Attack Vector : NETWORK
Attack Complexity : LOW
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence : High

EPSS
Percentile : 87.6%

Package : zendframework
Version : 1.10.6-1squeeze6
CVE ID : CVE-2015-7695
The PDO adapters of Zend Framework 1 did not filter null byte values in
SQL statements. A PDO adapter can treat null bytes in a query as a
string terminator, allowing an attacker to add arbitrary SQL following a
null byte, and thus create a SQL injection.
For Debian 6 Squeeze, this issue has been fixed in zendframework
version 1.10.6-1squeeze6.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
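
The advisory above says the PDO adapters passed null bytes through to SQL statements. As defence in depth for hosts that cannot take the fixed package immediately, this added example (not code from Zend Framework or from the Debian patch) rejects any request whose parameters contain a NUL byte; `findNullBytes` and the sample `$request` are hypothetical names, and PHP 5.3+ is assumed.

```php
<?php
// Added example, not Zend Framework code. Assumes PHP 5.3+ and that it runs
// before any request value is handed to a Zend_Db PDO adapter.

/**
 * Return the paths of all keys and string values in a (possibly nested)
 * parameter array that contain a NUL byte.
 */
function findNullBytes(array $params, $prefix = '')
{
    $hits = array();
    foreach ($params as $key => $value) {
        // Render NUL visibly so the path itself is safe to log.
        $name = str_replace("\0", '\\0', (string) $key);
        $path = ($prefix === '') ? $name : $prefix . '[' . $name . ']';
        if (strpos((string) $key, "\0") !== false) {
            $hits[] = $path . ' (key)';
        }
        if (is_array($value)) {
            $hits = array_merge($hits, findNullBytes($value, $path));
        } elseif (is_string($value) && strpos($value, "\0") !== false) {
            $hits[] = $path;
        }
    }
    return $hits;
}

// Constructed sample input standing in for $_GET / $_POST.
$request = array(
    'id'     => '42',
    'name'   => "alice\0trailing",
    'filter' => array('status' => 'open', 'tag' => "x\0y"),
);

$bad = findNullBytes($request);
if ($bad) {
    // Fail closed: log parameter names only, never the raw values.
    error_log('NUL byte in request parameters: ' . implode(', ', $bad));
    header('HTTP/1.1 400 Bad Request');
    exit("Bad request\n");
}
```

A guard like this complements the package upgrade listed below; it does not replace it.
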
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | all | zendframework-resources | < 1.11.13-1.1+deb7u4 | zendframework-resources_1.11.13-1.1+deb7u4_all.deb |
Debian | 6 | all | zendframework-bin | < 1.10.6-1squeeze6 | zendframework-bin_1.10.6-1squeeze6_all.deb |
Debian | 7 | all | zendframework-bin | < 1.11.13-1.1+deb7u4 | zendframework-bin_1.11.13-1.1+deb7u4_all.deb |
Debian | 6 | all | zendframework | < 1.10.6-1squeeze6 | zendframework_1.10.6-1squeeze6_all.deb |
Debian | 8 | all | zendframework | < 1.12.9+dfsg-2+deb8u4 | zendframework_1.12.9+dfsg-2+deb8u4_all.deb |
Debian | 7 | all | zendframework | < 1.11.13-1.1+deb7u4 | zendframework_1.11.13-1.1+deb7u4_all.deb |
Debian | 8 | all | zendframework-resources | < 1.12.9+dfsg-2+deb8u4 | zendframework-resources_1.12.9+dfsg-2+deb8u4_all.deb |
Debian | 8 | all | zendframework-bin | < 1.12.9+dfsg-2+deb8u4 | zendframework-bin_1.12.9+dfsg-2+deb8u4_all.deb |