Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-0449 | First vendor Publication | 2011-02-21 |
| Vendor | Cve | Last vendor Modification | 2019-08-08 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0449 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-02-28 | Name : Ruby on Rails Security Bypass and SQL Injection Vulnerabilities File : nvt/secpod_ruby_rails_sec_bypass_n_sql_inj_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 70906 | Ruby on Rails Filter Case-Insensitive Filesystem Issue Ruby on Rails contains a flaw related to 'actionpack/lib/action_view/template/resolver.rb' failing to properly implement filtering code when a case-insensitive filesystem is in use. This may allow a remote attacker to bypass intended access restrictions by using an action name that uses an unexpected case on alphabetic characters. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-28.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_rubygem-actionmailer-111116.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_rubygem-actionmailer-111116.nasl - Type : ACT_GATHER_INFO |
| 2011-04-06 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-4358.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:15:16 |
|
| 2024-02-01 12:04:15 |
|
| 2023-09-05 12:14:17 |
|
| 2023-09-05 01:04:07 |
|
| 2023-09-02 12:14:20 |
|
| 2023-09-02 01:04:10 |
|
| 2023-08-12 12:17:14 |
|
| 2023-08-12 01:04:11 |
|
| 2023-08-11 12:14:25 |
|
| 2023-08-11 01:04:19 |
|
| 2023-08-06 12:13:51 |
|
| 2023-08-06 01:04:12 |
|
| 2023-08-04 12:13:56 |
|
| 2023-08-04 01:04:13 |
|
| 2023-07-14 12:13:54 |
|
| 2023-07-14 01:04:11 |
|
| 2023-03-29 01:15:50 |
|
| 2023-03-28 12:04:16 |
|
| 2022-10-11 12:12:24 |
|
| 2022-10-11 01:03:57 |
|
| 2021-05-04 12:13:54 |
|
| 2021-04-22 01:15:04 |
|
| 2020-05-23 00:27:40 |
|
| 2019-08-09 12:03:47 |
|
| 2019-08-08 21:19:39 |
|
| 2016-04-26 20:30:17 |
|
| 2014-12-16 13:24:47 |
|
| 2014-06-14 13:30:08 |
|
| 2014-02-17 11:00:02 |
|
| 2013-05-10 22:53:31 |
|
