Executive Summary
Summary | |
---|---|
Title | Ruby on Rails: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201412-28 | First vendor Publication | 2014-12-14 |
Vendor | Gentoo | Last vendor Modification | 2014-12-14 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code. Background Description Impact Workaround Resolution NOTE: All applications using Ruby on Rails should also be configured to use the latest version available by running "rake rails:update" inside the application directory. NOTE: This is a legacy GLSA and stable updates for Ruby on Rails, including the unaffected version listed above, are no longer available from Gentoo. It may be possible to upgrade to the 3.2, 4.0, or 4.1 References Availability http://security.gentoo.org/glsa/glsa-201412-28.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201412-28.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
29 % | CWE-20 | Improper Input Validation |
18 % | CWE-264 | Permissions, Privileges, and Access Controls |
12 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
6 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
6 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12893 | |||
Oval ID: | oval:org.mitre.oval:def:12893 | ||
Title: | DSA-2247-1 rails -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0446 Multiple cross-site scripting vulnerabilities when JavaScript encoding is used, allow remote attackers to inject arbitrary web script or HTML. CVE-2011-0447 Rails does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery attacks. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2247-1 CVE-2011-0446 CVE-2011-0447 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | rails |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17800 | |||
Oval ID: | oval:org.mitre.oval:def:17800 | ||
Title: | DSA-2609-1 rails - SQL query manipulation | ||
Description: | An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2609-1 CVE-2013-0155 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | rails |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17839 | |||
Oval ID: | oval:org.mitre.oval:def:17839 | ||
Title: | DSA-2655-1 rails - several | ||
Description: | Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2655-1 CVE-2011-2932 CVE-2012-3464 CVE-2012-3465 CVE-2013-1854 CVE-2013-1855 CVE-2013-1857 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | rails |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18384 | |||
Oval ID: | oval:org.mitre.oval:def:18384 | ||
Title: | DSA-2613-1 rails - insufficient input validation | ||
Description: | Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2613-1 CVE-2013-0333 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | rails |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19664 | |||
Oval ID: | oval:org.mitre.oval:def:19664 | ||
Title: | DSA-2604-1 rails - insufficient input validation | ||
Description: | It was discovered that Rails, the Ruby web application development framework, performed insufficient validation on input parameters, allowing unintended type conversions. An attacker may use this to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on the application. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2604-1 CVE-2013-0156 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | rails |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19688 | |||
Oval ID: | oval:org.mitre.oval:def:19688 | ||
Title: | DSA-2620-1 rails - several | ||
Description: | Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2620-1 CVE-2013-0276 CVE-2013-0277 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | rails |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Ruby on Rails XML Processor YAML Deserialization | More info here |
ExploitDB Exploits
id | Description |
---|---|
2013-01-29 | Ruby on Rails JSON Processor YAML Deserialization Code Execution |
2013-01-10 | Ruby on Rails XML Processor YAML Deserialization Code Execution |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-02 | Name : Fedora Update for rubygem-rails FEDORA-2011-11386 File : nvt/gb_fedora_2011_11386_rubygem-rails_fc16.nasl |
2012-04-02 | Name : Fedora Update for rubygem-actionmailer FEDORA-2011-11386 File : nvt/gb_fedora_2011_11386_rubygem-actionmailer_fc16.nasl |
2012-04-02 | Name : Fedora Update for rubygem-actionpack FEDORA-2011-11386 File : nvt/gb_fedora_2011_11386_rubygem-actionpack_fc16.nasl |
2012-04-02 | Name : Fedora Update for rubygem-activerecord FEDORA-2011-11386 File : nvt/gb_fedora_2011_11386_rubygem-activerecord_fc16.nasl |
2012-04-02 | Name : Fedora Update for rubygem-activeresource FEDORA-2011-11386 File : nvt/gb_fedora_2011_11386_rubygem-activeresource_fc16.nasl |
2012-04-02 | Name : Fedora Update for rubygem-activesupport FEDORA-2011-11386 File : nvt/gb_fedora_2011_11386_rubygem-activesupport_fc16.nasl |
2012-03-19 | Name : Fedora Update for rubygem-railties FEDORA-2011-11386 File : nvt/gb_fedora_2011_11386_rubygem-railties_fc16.nasl |
2012-03-19 | Name : Fedora Update for rubygem-activemodel FEDORA-2011-11386 File : nvt/gb_fedora_2011_11386_rubygem-activemodel_fc16.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2301-2 (rails) File : nvt/deb_2301_2.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2301-1 (rails) File : nvt/deb_2301_1.nasl |
2011-09-21 | Name : FreeBSD Ports: rubygem-rails File : nvt/freebsd_rubygem-rails3.nasl |
2011-09-12 | Name : Fedora Update for rubygem-actionpack FEDORA-2011-11567 File : nvt/gb_fedora_2011_11567_rubygem-actionpack_fc14.nasl |
2011-09-12 | Name : Fedora Update for rubygem-actionpack FEDORA-2011-11572 File : nvt/gb_fedora_2011_11572_rubygem-actionpack_fc15.nasl |
2011-09-12 | Name : Fedora Update for rubygem-activesupport FEDORA-2011-11579 File : nvt/gb_fedora_2011_11579_rubygem-activesupport_fc15.nasl |
2011-09-12 | Name : Fedora Update for rubygem-activesupport FEDORA-2011-11600 File : nvt/gb_fedora_2011_11600_rubygem-activesupport_fc14.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2247-1 (rails) File : nvt/deb_2247_1.nasl |
2011-03-08 | Name : Fedora Update for rubygem-actionpack FEDORA-2011-2133 File : nvt/gb_fedora_2011_2133_rubygem-actionpack_fc14.nasl |
2011-03-08 | Name : Fedora Update for rubygem-actionpack FEDORA-2011-2138 File : nvt/gb_fedora_2011_2138_rubygem-actionpack_fc13.nasl |
2011-02-28 | Name : Ruby on Rails Security Bypass and SQL Injection Vulnerabilities File : nvt/secpod_ruby_rails_sec_bypass_n_sql_inj_vuln.nasl |
2011-02-23 | Name : Ruby on Rails Multiple Cross Site Scripting Vulnerabilities File : nvt/secpod_ruby_rails_mult_xss_vuln.nasl |
2011-02-22 | Name : Mandriva Update for python-django MDVSA-2011:031 (python-django) File : nvt/gb_mandriva_MDVSA_2011_031.nasl |
2010-12-09 | Name : Ruby on Rails Security Bypass Vulnerability File : nvt/gb_ruby_rails_sec_bypass_vuln.nasl |
2010-08-02 | Name : Ruby on Rails Cross Site Request Forgery Vulnerability File : nvt/secpod_ruby_rails_csrf_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74618 | Ruby on Rails Escaping Mechanism Unicode Sequence Handling XSS |
74617 | Ruby on Rails actionpack/lib/action_controller/vendor/html-scanner/html/node.... |
74616 | Ruby on Rails actionpack/lib/action_controller/response.rb Content Type Handl... |
74615 | Ruby on Rails Template Selection View Rendering Access Restriction Bypass |
74614 | Ruby on Rails activerecord/lib/active_record/connection_adapters/ quote_table... |
70928 | Ruby on Rails mail_to Helper Multiple Parameter XSS Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' or 'email' values upon submission to the 'mail_to' helper. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
70927 | Ruby on Rails Ajax/API Request CSRF Protection Bypass Ruby on Rails contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for AJAX or API HTTP requests that contain a X-Requested-With header. This makes it easier for an attacker to use a crafted URL (e.g., a crafted GET request inside an "img" tag) to trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
70906 | Ruby on Rails Filter Case-Insensitive Filesystem Issue Ruby on Rails contains a flaw related to 'actionpack/lib/action_view/template/resolver.rb' failing to properly implement filtering code when a case-insensitive filesystem is in use. This may allow a remote attacker to bypass intended access restrictions by using an action name that uses an unexpected case on alphabetic characters. |
70905 | Ruby on Rails limit() Function SQL Injection Ruby on Rails contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due input passed via the 'limit()This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
68769 | Ruby on Rails Nested Attribute Handling Arbitrary Record Manipulation Ruby on Rails contains a flaw related to the improper handling of nested attributes. This may allow a remote attacker to modify arbitrary records by changing parameter names in form inputs. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Rails JSON to YAML parsing deserialization attempt RuleID : 25552 - Revision : 4 - Type : SERVER-OTHER |
2014-01-10 | Rails XML parameter parsing vulnerability exploitation attempt RuleID : 25288 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | Rails XML parameter parsing vulnerability exploitation attempt RuleID : 25287 - Revision : 12 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-10-17 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7e61cf44654911e6828600248c0c745d.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-172.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-28.nasl - Type : ACT_GATHER_INFO |
2014-11-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1863.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-327.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-326.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-325.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-324.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-152.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-106.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-329.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-988.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-989.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-1.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_rubygem-actionmailer-111116.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-990.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_rubygem-actionmailer-111116.nasl - Type : ACT_GATHER_INFO |
2014-03-11 | Name : The remote Fedora host is missing a security update. File : fedora_2014-3232.nasl - Type : ACT_GATHER_INFO |
2014-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23636.nasl - Type : ACT_GATHER_INFO |
2013-10-24 | Name : The remote host is missing a security update for OS X Server. File : macosx_server_3_0.nasl - Type : ACT_GATHER_INFO |
2013-06-05 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-002.nasl - Type : ACT_GATHER_INFO |
2013-04-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_db0c4b00a24c11e29601000d601460a4.nasl - Type : ACT_GATHER_INFO |
2013-04-01 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4130.nasl - Type : ACT_GATHER_INFO |
2013-04-01 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4139.nasl - Type : ACT_GATHER_INFO |
2013-04-01 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4198.nasl - Type : ACT_GATHER_INFO |
2013-04-01 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4199.nasl - Type : ACT_GATHER_INFO |
2013-04-01 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4214.nasl - Type : ACT_GATHER_INFO |
2013-03-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2655.nasl - Type : ACT_GATHER_INFO |
2013-03-15 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-001.nasl - Type : ACT_GATHER_INFO |
2013-03-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_cda566a02df04eb0b70eed7a6fb0ab3c.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2398.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2391.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2351.nasl - Type : ACT_GATHER_INFO |
2013-02-18 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_beab40bfc1ca4d2bad462f14bac8a968.nasl - Type : ACT_GATHER_INFO |
2013-02-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2620.nasl - Type : ACT_GATHER_INFO |
2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1745.nasl - Type : ACT_GATHER_INFO |
2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1710.nasl - Type : ACT_GATHER_INFO |
2013-02-05 | Name : The remote host is missing an update for OS X Server that fixes two security ... File : macosx_server_2_2_1.nasl - Type : ACT_GATHER_INFO |
2013-01-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2613.nasl - Type : ACT_GATHER_INFO |
2013-01-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0201.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0154.nasl - Type : ACT_GATHER_INFO |
2013-01-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-0635.nasl - Type : ACT_GATHER_INFO |
2013-01-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-0686.nasl - Type : ACT_GATHER_INFO |
2013-01-21 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-0568.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2609.nasl - Type : ACT_GATHER_INFO |
2013-01-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2604.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ca5d327259e311e2853b00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2011-09-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-11600.nasl - Type : ACT_GATHER_INFO |
2011-09-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-11579.nasl - Type : ACT_GATHER_INFO |
2011-09-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-11572.nasl - Type : ACT_GATHER_INFO |
2011-09-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-11567.nasl - Type : ACT_GATHER_INFO |
2011-09-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-11386.nasl - Type : ACT_GATHER_INFO |
2011-09-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2301.nasl - Type : ACT_GATHER_INFO |
2011-06-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2247.nasl - Type : ACT_GATHER_INFO |
2011-04-06 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-4358.nasl - Type : ACT_GATHER_INFO |
2011-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2138.nasl - Type : ACT_GATHER_INFO |
2011-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2133.nasl - Type : ACT_GATHER_INFO |
2011-02-20 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-031.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-12-16 13:25:47 |
|
2014-12-15 00:22:04 |
|