Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2021-3007

Published: 04/01/2021 Updated: 11/04/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Getlaminas

Vulnerability Summary

Laminas Project laminas-http prior to 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

getlaminas laminas-http

zend zend framework 3.0.0

Github Repositories

https://github.com/Vulnmachines/ZF3_CVE-2021-3007

ZendFramework_CVE-2021-3007 PoC

ZF3_CVE-2021-3007 ZendFramework_CVE-2021-3007 PoC

https://github.com/vlp443/deserial-killer-zf3

Pickled Zend Quick note: I wrote this exploit back in 2021 because I was essentially in dispute with someone who claimed it wasn't a risk because there were no genuine exploits for it Zend Framework 3 deserialisation reverse shell based on CVE-2021-3007 and Ling-Yizhous PoC at githubcom/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E

https://github.com/KOKAProduktion/KokaCrud

Extendable CRUD module for ZF2 using Doctrine2

Please Note: for educational purposes only, no longer supported CVE-2021-3007 critical severity Vulnerable versions: <= 300 Patched version: No fix Zend Framework 300 has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Streamphp NOTE:

https://github.com/vlp443/pickled-zend

Pickled Zend Quick note: I wrote this exploit back in 2021 because I was essentially in dispute with someone who claimed it wasn't a risk because there were no genuine exploits for it Zend Framework 3 deserialisation reverse shell based on CVE-2021-3007 and Ling-Yizhous PoC at githubcom/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E

References

CWE-502https://github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.phphttps://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.mdhttps://github.com/laminas/laminas-http/pull/48https://github.com/laminas/laminas-http/releases/tag/2.14.2https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/https://nvd.nist.govhttps://github.com/Vulnmachines/ZF3_CVE-2021-3007
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook