Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-2694 | First vendor Publication | 2012-06-22 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2694 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for rubygem-actionpack/activerecord-2_3 openSUSE-SU-2012:0978-1 (... File : nvt/gb_suse_2012_0978_1.nasl |
| 2012-08-30 | Name : Fedora Update for rubygem-actionpack FEDORA-2012-11363 File : nvt/gb_fedora_2012_11363_rubygem-actionpack_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for rubygem-actionpack FEDORA-2012-11885 File : nvt/gb_fedora_2012_11885_rubygem-actionpack_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for rubygem-actionpack FEDORA-2012-9606 File : nvt/gb_fedora_2012_9606_rubygem-actionpack_fc17.nasl |
| 2012-08-24 | Name : Fedora Update for rubygem-actionpack FEDORA-2012-11870 File : nvt/gb_fedora_2012_11870_rubygem-actionpack_fc16.nasl |
| 2012-08-14 | Name : Fedora Update for rubygem-actionpack FEDORA-2012-11353 File : nvt/gb_fedora_2012_11353_rubygem-actionpack_fc16.nasl |
| 2012-08-10 | Name : FreeBSD Ports: rubygem-activemodel File : nvt/freebsd_rubygem-activemodel.nasl |
| 2012-07-03 | Name : Fedora Update for rubygem-actionpack FEDORA-2012-9636 File : nvt/gb_fedora_2012_9636_rubygem-actionpack_fc16.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-10-17 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7e61cf44654911e6828600248c0c745d.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-508.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-536.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0154.nasl - Type : ACT_GATHER_INFO |
| 2012-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9606.nasl - Type : ACT_GATHER_INFO |
| 2012-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9636.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:01:23 |
|
| 2024-11-28 12:30:05 |
|
| 2024-08-02 12:19:59 |
|
| 2024-08-02 01:05:53 |
|
| 2024-02-02 01:19:24 |
|
| 2024-02-01 12:05:43 |
|
| 2023-09-05 12:18:19 |
|
| 2023-09-05 01:05:36 |
|
| 2023-09-02 12:18:20 |
|
| 2023-09-02 01:05:42 |
|
| 2023-08-12 12:22:06 |
|
| 2023-08-12 01:05:43 |
|
| 2023-08-11 12:18:27 |
|
| 2023-08-11 01:05:52 |
|
| 2023-08-06 12:17:44 |
|
| 2023-08-06 01:05:43 |
|
| 2023-08-04 12:17:48 |
|
| 2023-08-04 01:05:46 |
|
| 2023-07-14 12:17:47 |
|
| 2023-07-14 01:05:40 |
|
| 2023-03-29 01:19:44 |
|
| 2023-03-28 12:05:48 |
|
| 2022-10-29 01:13:53 |
|
| 2022-10-11 12:15:53 |
|
| 2022-10-11 01:05:24 |
|
| 2021-05-05 01:10:33 |
|
| 2021-05-04 12:20:00 |
|
| 2021-04-22 01:23:43 |
|
| 2020-05-23 01:48:50 |
|
| 2020-05-23 00:33:42 |
|
| 2019-08-09 12:11:09 |
|
| 2019-08-09 12:04:48 |
|
| 2019-08-08 21:19:40 |
|
| 2016-10-18 13:21:38 |
|
| 2016-04-26 21:51:35 |
|
| 2014-06-14 13:32:57 |
|
| 2014-02-17 11:10:39 |
|
| 2013-05-10 22:40:08 |
|
| 2013-02-07 13:20:08 |
|
