CVE-2016-6317 in Ruby on Rails

Summary

by MITRE

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

Reserved

26.07.2016

Published

07.09.2016

Moderation

accepted

Entry

VDB-91365

CPE

ready

EPSS

0.00381

KEV

no

Activities

very low

Sources
