CVE-2015-3458 - Vulnerability Details - OpenCVE

The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Magento	Magento

Configuration 1 [-]

OR	cpe:2.3:a:magento:magento:1.9.1.0::::community:::
	cpe:2.3:a:magento:magento:1.14.1.0::::enterprise:::

No data.

References

Link	Providers
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability
http://www.securityfocus.com/bid/74412
http://www.securitytracker.com/id/1032230

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-04-29T22:00:00

Updated: 2024-08-06T05:47:58.024Z

Reserved: 2015-04-29T00:00:00

Link: CVE-2015-3458

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-04-29T22:59:04.113

Modified: 2024-11-21T02:29:27.970

Link: CVE-2015-3458

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-20T00:00:00", "descriptions": [{"lang": "en", "value": "The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-02T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability"}, {"name": "74412", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74412"}, {"name": "1032230", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032230"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3458", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability", "refsource": "CONFIRM", "url": "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability"}, {"name": "74412", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74412"}, {"name": "1032230", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032230"}, {"name": "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/", "refsource": "MISC", "url": "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:47:58.024Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability"}, {"name": "74412", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74412"}, {"name": "1032230", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032230"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3458", "datePublished": "2015-04-29T22:00:00", "dateReserved": "2015-04-29T00:00:00", "dateUpdated": "2024-08-06T05:47:58.024Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:magento:magento:1.9.1.0:*:*:*:community:*:*:*", "matchCriteriaId": "A6844CE7-F5A9-41CC-BAE8-C860C36F1C14", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:1.14.1.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3B9093FD-5E68-4616-BFDC-DA589FBCEDFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files."}, {"lang": "es", "value": "La funci\u00f3n fetchView en la clase Mage_Core_Block_Template_Zend en Magento Community Edition (CE) 1.9.1.0 y Enterprise Edition (EE) 1.14.1.0 no restringe el envoltorio de flujos utilizado en una ruta de plantilla, lo que permite a administradores remotos incluir y ejecutar ficheros PHP arbitrarios a trav\u00e9s del envoltorio de flujos phar://, relacionado con la funci\u00f3n setScriptPath. NOTA: no est\u00e1 claro si este problema cruza los l\u00edmites de los privilegios, como los administradores podr\u00eda ya tener los privilegios para incluir ficheros arbitrarios."}], "id": "CVE-2015-3458", "lastModified": "2024-11-21T02:29:27.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-29T22:59:04.113", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/74412"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032230"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74412"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032230"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}