Executive Summary
Summary | |
---|---|
Title | Ruby on Rails: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-200912-02 | First vendor Publication | 2009-12-20 |
Vendor | Gentoo | Last vendor Modification | 2009-12-20 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been discovered in Rails, the worst of which leading to the execution of arbitrary SQL statements. Background Description * sameer reported that lib/action_controller/cgi_process.rb removes the :cookie_only attribute from the default session options (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA 200711-17). * Tobias Schlottke reported that the :limit and :offset parameters of ActiveRecord::Base.find() are not properly sanitized before being processed (CVE-2008-4094). * Steve from Coderrr reported that the CRSF protection in protect_from_forgery() does not parse the text/plain MIME format (CVE-2008-7248). * Nate reported a documentation error that leads to the assumption that a block returning nil passed to authenticate_or_request_with_http_digest() would deny access to the requested resource (CVE-2009-2422). * Brian Mastenbrook reported an input sanitation flaw, related to multibyte characters (CVE-2009-3009). * Gabe da Silveira reported an input sanitation flaw in the strip_tags() function (CVE-2009-4214). * Coda Hale reported an information disclosure vulnerability related to HMAC digests (CVE-2009-3086). Impact Workaround Resolution All Ruby on Rails 2.2.x users should upgrade to the latest version: NOTE: All applications using Ruby on Rails should also be configured to use the latest version available by running "rake rails:update" inside the application directory. References Availability http://security.gentoo.org/glsa/glsa-200912-02.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200912-02.xml |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-57 | Utilizing REST's Trust in the System Resource to Register Man in the Middle |
CAPEC-94 | Man in the Middle Attack |
CAPEC-114 | Authentication Abuse |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
14 % | CWE-362 | Race Condition |
14 % | CWE-287 | Improper Authentication |
14 % | CWE-200 | Information Exposure |
14 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
14 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12767 | |||
Oval ID: | oval:org.mitre.oval:def:12767 | ||
Title: | DSA-2260-1 rails -- several | ||
Description: | Two vulnerabilities were discovered in Ruby on Rails, a web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3086 The cookie store may be vulnerability to a timing attack, potentially allowing remote attackers to forge message digests. CVE-2009-4214 A cross-site scripting vulnerability in the strip_tags function allows remote user-assisted attackers to inject arbitrary web script. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2260-1 CVE-2009-3086 CVE-2009-4214 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | rails |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13757 | |||
Oval ID: | oval:org.mitre.oval:def:13757 | ||
Title: | DSA-1887-1 rails -- missing input sanitising | ||
Description: | Brian Mastenbrook discovered that rails, the MVC ruby based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper. For the stable distribution , this problem has been fixed in version 2.1.0-7. For the oldstable distribution security support has been discontinued. It has been reported that rails in oldstable is unusable and several features that are affected by security issues are broken due to programming issues. It is highly recommended to upgrade to the version in stable. For the testing distribution and the unstable distribution , this problem has been fixed in version 2.2.3-1. We recommend that you upgrade your rails packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1887-1 CVE-2009-3009 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | rails |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14680 | |||
Oval ID: | oval:org.mitre.oval:def:14680 | ||
Title: | DSA-2301-1 rails -- several | ||
Description: | Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4214 A cross-site scripting vulnerability had been found in the strip_tags function. An attacker may inject non-printable characters that certain browsers will then evaluate. This vulnerability only affects the oldstable distribution. CVE-2011-2930 A SQL injection vulnerability had been found in the quote_table_name method could allow malicious users to inject arbitrary SQL into a query. CVE-2011-2931 A cross-site scripting vulnerability had been found in the strip_tags helper. An parsing error can be exploited by an attacker, who can confuse the parser and may inject HTML tags into the output document. CVE-2011-3186 A newline injection vulnerability had been found in response.rb. This vulnerability allows an attacker to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2301-1 CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | rails |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15291 | |||
Oval ID: | oval:org.mitre.oval:def:15291 | ||
Title: | DSA-2301-2 rails -- several | ||
Description: | It was discovered that the last security update for Ruby on Rails, DSA-2301-1, introduced a regression in the libactionpack-ruby package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2301-2 CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | rails |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7762 | |||
Oval ID: | oval:org.mitre.oval:def:7762 | ||
Title: | DSA-1887 rails -- missing input sanitising | ||
Description: | Brian Mastenbrook discovered that rails, the MVC ruby based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1887 CVE-2009-3009 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | rails |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-11 | Name : Debian Security Advisory DSA 2301-2 (rails) File : nvt/deb_2301_2.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2301-1 (rails) File : nvt/deb_2301_1.nasl |
2010-08-02 | Name : Ruby on Rails 'unicode strings' Cross-Site Scripting Vulnerability File : nvt/secpod_ruby_rails_xss_vuln.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-05-12 | Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13361 (rubygem-actionpack) File : nvt/fcore_2009_13361.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13393 (rubygem-actionpack) File : nvt/fcore_2009_13393.nasl |
2009-12-30 | Name : Gentoo Security Advisory GLSA 200912-02 (rails) File : nvt/glsa_200912_02.nasl |
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12966 (rubygem-actionpack) File : nvt/fcore_2009_12966.nasl |
2009-12-09 | Name : Ruby on Rails 'strip_tags' Cross Site Scripting Vulnerability (Linux) File : nvt/gb_ruby_rails_xss_vuln_lin.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-27 | Name : SuSE Security Summary SUSE-SR:2009:017 File : nvt/suse_sr_2009_017.nasl |
2009-10-19 | Name : Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer) File : nvt/fcore_2009_10484.nasl |
2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9799 (rubygem-activesupport) File : nvt/fcore_2009_9799.nasl |
2009-09-28 | Name : Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack) File : nvt/fcore_2009_9922.nasl |
2009-09-21 | Name : Debian Security Advisory DSA 1887-1 (rails) File : nvt/deb_1887_1.nasl |
2009-07-17 | Name : Ruby on Rails Authentication Bypass Vulnerability File : nvt/gb_ruby_rails_auth_bypass_vuln.nasl |
2009-03-02 | Name : Fedora Core 9 FEDORA-2009-2179 (rubygem-actionpack) File : nvt/fcore_2009_2179.nasl |
2009-02-17 | Name : Fedora Update for rubygem-activesupport FEDORA-2008-8322 File : nvt/gb_fedora_2008_8322_rubygem-activesupport_fc9.nasl |
2009-02-17 | Name : Fedora Update for rubygems FEDORA-2008-8322 File : nvt/gb_fedora_2008_8322_rubygems_fc9.nasl |
2009-02-17 | Name : Fedora Update for rubygem-rails FEDORA-2008-8322 File : nvt/gb_fedora_2008_8322_rubygem-rails_fc9.nasl |
2009-02-17 | Name : Fedora Update for rubygem-actionmailer FEDORA-2008-8282 File : nvt/gb_fedora_2008_8282_rubygem-actionmailer_fc8.nasl |
2009-02-17 | Name : Fedora Update for rubygem-activeresource FEDORA-2008-8322 File : nvt/gb_fedora_2008_8322_rubygem-activeresource_fc9.nasl |
2009-02-17 | Name : Fedora Update for rubygem-activerecord FEDORA-2008-8322 File : nvt/gb_fedora_2008_8322_rubygem-activerecord_fc9.nasl |
2009-02-17 | Name : Fedora Update for rubygem-actionpack FEDORA-2008-8322 File : nvt/gb_fedora_2008_8322_rubygem-actionpack_fc9.nasl |
2009-02-17 | Name : Fedora Update for rubygem-actionmailer FEDORA-2008-8322 File : nvt/gb_fedora_2008_8322_rubygem-actionmailer_fc9.nasl |
2009-02-17 | Name : Fedora Update for rubygems FEDORA-2008-8282 File : nvt/gb_fedora_2008_8282_rubygems_fc8.nasl |
2009-02-17 | Name : Fedora Update for rubygem-rails FEDORA-2008-8282 File : nvt/gb_fedora_2008_8282_rubygem-rails_fc8.nasl |
2009-02-17 | Name : Fedora Update for rubygem-activesupport FEDORA-2008-8282 File : nvt/gb_fedora_2008_8282_rubygem-activesupport_fc8.nasl |
2009-02-17 | Name : Fedora Update for rubygem-activeresource FEDORA-2008-8282 File : nvt/gb_fedora_2008_8282_rubygem-activeresource_fc8.nasl |
2009-02-17 | Name : Fedora Update for rubygem-activerecord FEDORA-2008-8282 File : nvt/gb_fedora_2008_8282_rubygem-activerecord_fc8.nasl |
2009-02-17 | Name : Fedora Update for rubygem-actionpack FEDORA-2008-8282 File : nvt/gb_fedora_2008_8282_rubygem-actionpack_fc8.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-17 (rails) File : nvt/glsa_200711_17.nasl |
2008-09-17 | Name : FreeBSD Ports: rubygem-rails File : nvt/freebsd_rubygem-rails2.nasl |
2008-09-04 | Name : FreeBSD Ports: rubygem-rails File : nvt/freebsd_rubygem-rails0.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61124 | Ruby on Rails Token Verification Weakness CSRF Protection Bypass |
60544 | Ruby on Rails HTML::Tokenizer strip_tags Function XSS |
57879 | Ruby on Rails Cookie Store Unspecified Algorithm Message-digest Signature Ver... |
57666 | Ruby on Rails Malformed Unicode String XSS |
55664 | Ruby on Rails HTTP Digest Authentication nil User Bypass |
48150 | Ruby on Rails Active Record :offset / :limit Parameter SQL Injection |
40718 | Ruby on Rails URL-based Sessions Unspecified Session Fixation |
39193 | Ruby on Rails cgi_process.rb Cookie Related Session Fixation Ruby on Rails contains a flaw that may allow a malicious user to hijack the session of another via session fixation. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-09-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2301.nasl - Type : ACT_GATHER_INFO |
2011-06-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2260.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_rubygem-actionpack-2_3-100205.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_rubygem-actionpack-100210.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_rubygem-actionpack-100210.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_rubygem-actionpack-100205.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1887.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200912-02.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13393.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13361.nasl - Type : ACT_GATHER_INFO |
2009-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12966.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_rubygem-activesupport-2_1-090917.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_rubygem-actionpack-2_1-090917.nasl - Type : ACT_GATHER_INFO |
2009-10-15 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-10484.nasl - Type : ACT_GATHER_INFO |
2009-09-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-9922.nasl - Type : ACT_GATHER_INFO |
2009-09-25 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-9799.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote web server contains an application that is prone to an authenticat... File : ror_http_digest_bypass.nasl - Type : ACT_ATTACK |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_rubygem-activerecord-081122.nasl - Type : ACT_GATHER_INFO |
2009-03-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_8e8b8b947f1d11dda66a0019666436c2.nasl - Type : ACT_GATHER_INFO |
2008-12-01 | Name : The remote openSUSE host is missing a security update. File : suse_rubygem-activerecord-5817.nasl - Type : ACT_GATHER_INFO |
2008-10-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-8282.nasl - Type : ACT_GATHER_INFO |
2008-09-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-8322.nasl - Type : ACT_GATHER_INFO |
2007-12-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_rubygem-actionpack-4754.nasl - Type : ACT_GATHER_INFO |
2007-11-29 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_30acb8ae9d4611dc9114001c2514716c.nasl - Type : ACT_GATHER_INFO |
2007-11-28 | Name : The remote web server is affected by a session fixation vulnerability. File : ror_session_fixation.nasl - Type : ACT_GATHER_INFO |
2007-11-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-17.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:36:46 |
|