Details of VAR-200908-0199

ID

VAR-200908-0199

CVE

CVE-2008-6992

TITLE

GreenSQL Firewall In SQL Vulnerabilities that bypass the injection protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2009-003083

DESCRIPTION

GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL. GreenSQL Firewall is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions. Successfully exploiting this issue may aid in SQL attacks on the underlying application. The vulnerability has been successfully parsed by MySQL

Trust: 1.98

sources: NVD: CVE-2008-6992 // JVNDB: JVNDB-2009-003083 // BID: 36209 // VULHUB: VHN-37117

AFFECTED PRODUCTS

vendor:	greensql	model:	firewall	scope:	eq	version:	0.8.2	Trust: 1.6
vendor:	greensql	model:	firewall	scope:	eq	version:	0.3.5	Trust: 1.6
vendor:	greensql	model:	firewall	scope:	eq	version:	0.3.4	Trust: 1.6
vendor:	greensql	model:	firewall	scope:	lte	version:	0.8.3	Trust: 1.0
vendor:	greensql	model:	firewall	scope:	lt	version:	or 0.9.4	Trust: 0.8
vendor:	greensql	model:	firewall	scope:	eq	version:	0.9.2	Trust: 0.8
vendor:	greensql	model:	firewall	scope:	eq	version:	0.8.3	Trust: 0.6
vendor:	greensql	model:	greensql	scope:	eq	version:	0.9.4	Trust: 0.3
vendor:	greensql	model:	greensql	scope:	eq	version:	0.9.2	Trust: 0.3

sources: BID: 36209 // JVNDB: JVNDB-2009-003083 // CNNVD: CNNVD-200908-247 // NVD: CVE-2008-6992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-6992
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-6992
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200908-247
value:	HIGH
Trust: 0.6
VULHUB:	VHN-37117
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-6992
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-37117
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-37117 // JVNDB: JVNDB-2009-003083 // CNNVD: CNNVD-200908-247 // NVD: CVE-2008-6992

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-37117 // JVNDB: JVNDB-2009-003083 // NVD: CVE-2008-6992

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200908-247

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200908-247

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003083

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-37117

PATCH

title:

Top Page

url:

http://www.greensql.net/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003083

EXTERNAL IDS

db:	NVD	id:	CVE-2008-6992	Trust: 2.8
db:	OSVDB	id:	48910	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-003083	Trust: 0.8
db:	CNNVD	id:	CNNVD-200908-247	Trust: 0.7
db:	BID	id:	36209	Trust: 0.4
db:	EXPLOIT-DB	id:	33203	Trust: 0.1
db:	SEEBUG	id:	SSVID-86444	Trust: 0.1
db:	VULHUB	id:	VHN-37117	Trust: 0.1

sources: VULHUB: VHN-37117 // BID: 36209 // JVNDB: JVNDB-2009-003083 // CNNVD: CNNVD-200908-247 // NVD: CVE-2008-6992

REFERENCES

url:	http://www.greensql.net/security	Trust: 2.0
url:	http://bugs.mysql.com/bug.php?id=39337	Trust: 2.0
url:	http://www.greensql.net/node/89	Trust: 1.7
url:	http://www.greensql.net/node/98	Trust: 1.7
url:	http://osvdb.org/48910	Trust: 1.7
url:	http://sla.ckers.org/forum/read.php?16,24367	Trust: 1.0
url:	http://sla.ckers.org/forum/read.php?16%2c24367	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6992	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6992	Trust: 0.8
url:	http://www.greensql.net/	Trust: 0.3

sources: VULHUB: VHN-37117 // BID: 36209 // JVNDB: JVNDB-2009-003083 // CNNVD: CNNVD-200908-247 // NVD: CVE-2008-6992

CREDITS

Johannes Dahse

Trust: 0.3

sources: BID: 36209

SOURCES

db:	VULHUB	id:	VHN-37117
db:	BID	id:	36209
db:	JVNDB	id:	JVNDB-2009-003083
db:	CNNVD	id:	CNNVD-200908-247
db:	NVD	id:	CVE-2008-6992

LAST UPDATE DATE

2025-04-10T23:24:52.545000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-37117	date:	2009-08-19T00:00:00
db:	BID	id:	36209	date:	2009-09-02T16:22:00
db:	JVNDB	id:	JVNDB-2009-003083	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200908-247	date:	2009-08-19T00:00:00
db:	NVD	id:	CVE-2008-6992	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-37117	date:	2009-08-19T00:00:00
db:	BID	id:	36209	date:	2008-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2009-003083	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200908-247	date:	2009-08-19T00:00:00
db:	NVD	id:	CVE-2008-6992	date:	2009-08-19T05:24:52.627