CVE-2006-2042
CVSS7.5
发布时间 :2006-05-09 15:02:00
修订时间 :2011-03-07 21:34:51
NMCOPS    

[原文]Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.


[CNNVD]Adobe Dreamweaver 生成代码 多个SQL注入漏洞(CNNVD-200605-183)

        Dreamweaver是Macromedia公司开发和维护的一款流行的网页设计软件,可使用在Microsoft Windows操作系统下。
        Adobe的Macromedia Dreamweaver所生成的代码中存在多个SQL注入漏洞,远程攻击者可能利用此漏洞非授权访问数据库,结合特定的数据操作可能在主机上执行任意命令。
        这个漏洞影响ColdFusion、PHP mySQL、ASP、ASP.NET和JSP服务模块。如果将数据库配置为允许通过数据库调用执行本地系统命令的话,则这个漏洞允许执行本地命令。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:adobe:dreamweaver:7.0Adobe Dreamweaver MX 2004
cpe:/a:adobe:dreamweaver:8.0Adobe Dreamweaver 8.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2042
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2042
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-183
(官方数据源) CNNVD

- 其它链接及资源

http://www.adobe.com/support/security/bulletins/apsb06-07.html
(VENDOR_ADVISORY)  CONFIRM  http://www.adobe.com/support/security/bulletins/apsb06-07.html
http://www.vupen.com/english/advisories/2006/1753
(UNKNOWN)  VUPEN  ADV-2006-1753
http://xforce.iss.net/xforce/xfdb/26339
(UNKNOWN)  XF  dreamweaver-server-sql-injection(26339)
http://www.securityfocus.com/bid/17928
(UNKNOWN)  BID  17928
http://www.osvdb.org/25361
(UNKNOWN)  OSVDB  25361
http://securitytracker.com/id?1016050
(UNKNOWN)  SECTRACK  1016050
http://secunia.com/advisories/20054
(UNKNOWN)  SECUNIA  20054
http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html
(UNKNOWN)  BUGTRAQ  20060509 Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code

- 漏洞信息

Adobe Dreamweaver 生成代码 多个SQL注入漏洞
高危 SQL注入
2006-05-09 00:00:00 2006-05-10 00:00:00
远程  
        Dreamweaver是Macromedia公司开发和维护的一款流行的网页设计软件,可使用在Microsoft Windows操作系统下。
        Adobe的Macromedia Dreamweaver所生成的代码中存在多个SQL注入漏洞,远程攻击者可能利用此漏洞非授权访问数据库,结合特定的数据操作可能在主机上执行任意命令。
        这个漏洞影响ColdFusion、PHP mySQL、ASP、ASP.NET和JSP服务模块。如果将数据库配置为允许通过数据库调用执行本地系统命令的话,则这个漏洞允许执行本地命令。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://download.macromedia.com/pub/dreamweaver/updates/dw_8/8_0_2/win/dw8_802_update_en.exe

- 漏洞信息 (F46394)

dreamweaverSQL.txt (PacketStormID:F46394)
2006-05-21 00:00:00
Brian Gallagher  
advisory,local,php,vulnerability,code execution,sql injection,asp
CVE-2006-2042
[点击下载]

There are multiple SQL Injection vulnerabilities in the code generated by Adobe's Macromedia Dreamweaver prior to version 8.0.2. This vulnerability affects the ColdFusion, PHP mySQL, ASP, ASP.NET and JSP server models. If the database server is configured to allow local system commands to be executed via database calls, this vulnerability may also allow local code execution.

Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code

INFORMATION:
-------------------------
Class: SQL Injection
CVE: CVE-2006-2042
Remote: Yes
Local: Yes
Published: May 09, 2006
Credit: Brian Gallagher <brian@diamondsea.com>
Vulnerable:
  Dreamweaver Ultradev
  Dreamweaver MX
  Dreamweaver MX 2004
  Dreamweaver 8 (fixed in version 8.0.2)

DISCUSSION
-------------------------

There are multiple SQL Injection vulnerabilities in the code generated
by Adobe's Macromedia Dreamweaver prior to versino 8.0.2.  This
vulnerability affects the ColdFusion, PHP mySQL, ASP, ASP.NET and JSP
server models.  If the database server is configured to allow local
system commands to be executed via database calls, this vulnerability
may also allow local code execution.

Dreamweaver offers powerful rapid-application design (RAD) tools for
quickly and easily creating Internet and Intranet applications for a
variety of server models (databases and languages).  The code
generated automatically by these functions does not properly validate
input and are vulnerable to SQL Injection attacks from remote users.

Macromedia (now Adobe) was notified of the problem in October 2005. 
They have been working cooperatively to remedy this problem, including
examining and updating all their server models.  If all vendors were
this cooperative and responsive, the digital world would be a safer
and better place.

Adobe today released the updated version of Dreamweaver 8.0.2 (free
download) along with instructions on how to workaround the problem in
code developed in earlier versions of Dreamweaver.

The Adobe announcement can be found here:

  http://www.adobe.com/support/security/bulletins/apsb06-07.html


EXPLOIT
-------------------------

This vulnerability can be exploited by standard SQL injection techniques.

The documentation supplied by Adobe in their release details where the
vulnerabilities exist and how to correct them.

If a web server's database allows access to the system commands
through SQL queries local command execution is possible.

SOLUTION
-------------------------

Dreamweaver 8:  Install the free updater to version 8.0.2 and recreate
your server components to use the new more secure code.
Dreamweaver MX 2004: Follow the directions for your server model on
how to secure your existing code.
Dreamweaver MX, Ultradev: Read the directions for the MX 2004 fixes
and adapt these to your code.

REFERENCES
-------------------------

Macromedia Security Bulletin: Dreamweaver Server Behavior SQL
Injection vulnerability
http://www.adobe.com/support/security/bulletins/apsb06-07.html

Dreamweaver Support Center: Updaters
http://www.adobe.com/support/dreamweaver/downloads_updaters.html

Protecting ColdFusion server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=300b670e

Protecting PHP server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=30037473

Protecting ASP VBScript server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=57ae79b2

Protecting ASP JavaScript server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=581a553c

Protecting JSP server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=585ac720

--
 Brian Gallagher - DiamondSea.com - brian@diamondsea.com
 We Make E-Commerce Easy - No Technical Experience Required
 Consulting - E-Commerce - Web Site Design - Custom Programming
 http://www.DiamondSea.com - Toll-Free: 800-604-1476 - Fax: 888-411-8144
    

- 漏洞信息

25361
Adobe Dreamweaver Server RAD Tools Multiple Unspecified SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Unknown

- 漏洞描述

Dreamweaver contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to scripts generated for the ColdFusion, PHP mySQL, ASP, ASP.NET, and JSP server models failing to properly sanitize user-supplied input to the various unspecified variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

- 时间线

2006-05-09 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 8.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Adobe Dreamweaver Generated Code SQL Injection Vulnerabilities
Input Validation Error 17928
Yes No
2006-05-10 12:00:00 2006-05-10 11:14:00
Brian Gallagher is credited with the discovery of these vulnerabilities.

- 受影响的程序版本

Macromedia Dreamweaver MX 2004
Macromedia Dreamweaver MX 2004
Adobe Dreamweaver 8.0
Adobe Dreamweaver 8.0.2

- 不受影响的程序版本

Adobe Dreamweaver 8.0.2

- 漏洞讨论

Dreamweaver generated code is prone to SQL-injection vulnerabilities. These issues are due to a failure in the generated code to properly sanitize user-supplied input before using it in SQL queries.
Successful exploits could allow an attacker to compromise the code, access or modify data, or exploit vulnerabilities in the underlying database implementation.

- 漏洞利用

These issues can be exploited through a web client.

- 解决方案

The vendor has released version 8.0.2 to address this issue for Dreamweaver version 8. Users of Dreamweaver MX 2004 are directed to follow specific instructions to update code generated using that version. See the referenced vendor advisories for further information.


Adobe Dreamweaver 8.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站