Vulnerability Details : CVE-2016-6317
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
Vulnerability category: BypassGain privilege
Products affected by CVE-2016-6317
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6317
0.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6317
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-6317
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6317
-
http://www.securityfocus.com/bid/92434
Ruby on Rails Active Record CVE-2016-6317 SQL Injection Vulnerability
-
http://rhn.redhat.com/errata/RHSA-2016-1855.html
RHSA-2016:1855 - Security Advisory - Red Hat Customer Portal
-
http://www.openwall.com/lists/oss-security/2016/08/11/4
oss-security - [CVE-2016-6317] Unsafe Query Generation Risk in Active RecordMailing List;Third Party Advisory
-
https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA
[CVE-2016-6317] Unsafe Query Generation Risk in Active Record - Google Groepen
-
http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
Rails 5.0.0.1, 4.2.7.1, and 3.2.22.3 have been released! | Riding RailsRelease Notes
Jump to