CVE-2011-2931

Executive Summary

Informations
Name	CVE-2011-2931	First vendor Publication	2011-08-29
Vendor	Cve	Last vendor Modification	2012-07-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931

CWE : Common Weakness Enumeration

id	Name
CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Rubyonrails Ruby On Rails cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc4 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.1.0 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc3 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:beta1 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc5 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc4 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.9 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc3 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc3 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc4 cpe:/a:rubyonrails:ruby_on_rails:3.0.8 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.7 cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.6 cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.5 cpe:/a:rubyonrails:ruby_on_rails:3.0.5:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc cpe:/a:rubyonrails:ruby_on_rails:3.0.4 cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.3 cpe:/a:rubyonrails:ruby_on_rails:3.0.2:pre cpe:/a:rubyonrails:ruby_on_rails:3.0.2 cpe:/a:rubyonrails:ruby_on_rails:3.0.10:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.1 cpe:/a:rubyonrails:ruby_on_rails:3.0.1:pre cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc cpe:/a:rubyonrails:ruby_on_rails:3.0.0 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta3 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta2 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta4 cpe:/a:rubyonrails:ruby_on_rails:2.3.9 cpe:/a:rubyonrails:ruby_on_rails:2.3.4 cpe:/a:rubyonrails:ruby_on_rails:2.3.3 cpe:/a:rubyonrails:ruby_on_rails:2.3.2 cpe:/a:rubyonrails:ruby_on_rails:2.3.12 cpe:/a:rubyonrails:ruby_on_rails:2.3.11 cpe:/a:rubyonrails:ruby_on_rails:2.3.10 cpe:/a:rubyonrails:ruby_on_rails:2.2.2 cpe:/a:rubyonrails:ruby_on_rails:2.2.1 cpe:/a:rubyonrails:ruby_on_rails:2.2.0 cpe:/a:rubyonrails:ruby_on_rails:2.1.2 cpe:/a:rubyonrails:ruby_on_rails:2.1.1 cpe:/a:rubyonrails:ruby_on_rails:2.1.0 cpe:/a:rubyonrails:ruby_on_rails:2.1 cpe:/a:rubyonrails:ruby_on_rails:2.0.4 cpe:/a:rubyonrails:ruby_on_rails:2.0.2 cpe:/a:rubyonrails:ruby_on_rails:2.0.1 cpe:/a:rubyonrails:ruby_on_rails:2.0.0 cpe:/a:rubyonrails:ruby_on_rails:2.0.0:rc1 cpe:/a:rubyonrails:ruby_on_rails:2.0.0:rc2	61

Open Source Vulnerability Database (OSVDB)

id	Description
74617	Ruby on Rails actionpack/lib/action_controller/vendor/html-scanner/html/node....

Internal Sources (Detail)

Source	Url
CONFIRM	http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 https://bugzilla.redhat.com/show_bug.cgi?id=731436 https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a
DEBIAN	http://www.debian.org/security/2011/dsa-2301
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0651... http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0651... http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0652...
MLIST	http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmod... http://www.openwall.com/lists/oss-security/2011/08/17/1 http://www.openwall.com/lists/oss-security/2011/08/19/11 http://www.openwall.com/lists/oss-security/2011/08/20/1 http://www.openwall.com/lists/oss-security/2011/08/22/13 http://www.openwall.com/lists/oss-security/2011/08/22/14 http://www.openwall.com/lists/oss-security/2011/08/22/5
SECUNIA	http://secunia.com/advisories/45921

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:04:41	Multiple Updates

Type	Count
CPE ID(s)	61
osvdb(s)	1

Related	Severity
DSA-2301	(High)

Same Subject	Severity
Login to view 4 more Alert(s)

CVE-2011-2931

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU