CVE-2010-4335 - OpenCVE

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cakefoundation	Cakephp

Configuration 1 [-]

OR	cpe:2.3:a:cakefoundation:cakephp:1.2.8:::::::*
	cpe:2.3:a:cakefoundation:cakephp:1.3:dev::::::
	cpe:2.3:a:cakefoundation:cakephp:1.3.0:::::::*
	cpe:2.3:a:cakefoundation:cakephp:1.3.0:alpha::::::
	cpe:2.3:a:cakefoundation:cakephp:1.3.0:beta::::::
	cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc1::::::
	cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc2::::::
	cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc3::::::
	cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc4::::::
	cpe:2.3:a:cakefoundation:cakephp:1.3.1:::::::*
	cpe:2.3:a:cakefoundation:cakephp:1.3.2:::::::*
	cpe:2.3:a:cakefoundation:cakephp:1.3.3:::::::*
	cpe:2.3:a:cakefoundation:cakephp:1.3.4:::::::*
	cpe:2.3:a:cakefoundation:cakephp:1.3.5:::::::*

No data.

References

Link	Providers
http://malloc.im/CakePHP-unserialize.txt
http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt
http://secunia.com/advisories/42211
http://securityreason.com/securityalert/8026
http://www.exploit-db.com/exploits/16011
http://www.osvdb.org/69352
https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-01-14T22:00:00

Updated: 2024-08-07T03:43:14.558Z

Reserved: 2010-11-30T00:00:00

Link: CVE-2010-4335

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-01-14T23:00:46.850

Modified: 2011-01-22T06:44:44.190

Link: CVE-2010-4335

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-22T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb"}, {"name": "16011", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/16011"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt"}, {"name": "69352", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/69352"}, {"name": "8026", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8026"}, {"tags": ["x_refsource_MISC"], "url": "http://malloc.im/CakePHP-unserialize.txt"}, {"name": "42211", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42211"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4335", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb", "refsource": "CONFIRM", "url": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb"}, {"name": "16011", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/16011"}, {"name": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt"}, {"name": "69352", "refsource": "OSVDB", "url": "http://www.osvdb.org/69352"}, {"name": "8026", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8026"}, {"name": "http://malloc.im/CakePHP-unserialize.txt", "refsource": "MISC", "url": "http://malloc.im/CakePHP-unserialize.txt"}, {"name": "42211", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42211"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:43:14.558Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb"}, {"name": "16011", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/16011"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt"}, {"name": "69352", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/69352"}, {"name": "8026", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8026"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://malloc.im/CakePHP-unserialize.txt"}, {"name": "42211", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42211"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4335", "datePublished": "2011-01-14T22:00:00", "dateReserved": "2010-11-30T00:00:00", "dateUpdated": "2024-08-07T03:43:14.558Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4EAF987A-B6AE-49BC-9B1F-F91C8BEDE8BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3:dev:*:*:*:*:*:*", "matchCriteriaId": "3FC00F9B-A680-43F9-ABDA-3242D7AC6B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C65627A5-D154-48F5-8902-D66899ABC206", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "F0D64CF7-9431-410E-B69D-7B2828452739", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.0:beta:*:*:*:*:*:*", "matchCriteriaId": "BEAAA812-F8F6-48F2-995E-48929D532DB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3AD6C268-C6DA-4DEE-853D-28E893CDE90E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D1C5033B-0E35-4270-AEFD-C7E78E546E53", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1119962A-421C-4F35-BCEE-3AD718F7E077", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "C4E96540-FF61-4EEF-9768-BA4BE9441426", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE40BC8-8605-46FD-A6B3-B471623F5C14", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "1602F4C6-4596-44B7-A2D7-CAF7F137748E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "33DA98E6-D097-40F7-B63D-508E0BB593FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "2F002CFD-453B-4E9E-8BC3-9E647EDB0BD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cakefoundation:cakephp:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "900DC462-B0B1-4205-B988-9DFC51366861", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files."}, {"lang": "es", "value": "la funci\u00f3n _validatePost en libs/controller/components/security.php en CakePHP v1.3.x hasta la v1.3.5 y v1.2.8 permite a atacantes remotos modificar la cach\u00e9 interna de la aplicaci\u00f3n y ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor data[_token][fields] debiadamente modificado, el cual es procesado por la funci\u00f3n unserialize, como se ha demostrado mediante la modificaci\u00f3n de la cach\u00e9 file_map para ejecutar archivos locales."}], "id": "CVE-2010-4335", "lastModified": "2011-01-22T06:44:44.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-14T23:00:46.850", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://malloc.im/CakePHP-unserialize.txt"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42211"}, {"source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8026"}, {"source": "secalert@redhat.com", "url": "http://www.exploit-db.com/exploits/16011"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/69352"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}