PT-2017-18803 · New Relic · New Relic .Net Agent

Publicado

2017-06-13

Atualizado

2022-05-17

CVE-2017-9246

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions New Relic .NET Agent versions prior to 6.3.123.0

Description The issue involves SQL injection flaws in safe applications due to the failure to escape quotes during the use of the Slow Queries feature. This can be demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, which can occur after bypassing a SET SHOWPLAN ALL ON protection mechanism.

Recommendations For versions prior to 6.3.123.0, update to version 6.3.123.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Slow Queries feature until a patch is applied. Avoid using the Slow Queries feature with user-inputted data to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2017-9246

GHSA-2RVX-CVFC-MCP2

Produtos afetados

New Relic .Net Agent

PT-2017-18803 · New Relic · New Relic .Net Agent

CVE-2017-9246

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6