oval:org.mitre.oval:def:18552

Definition Id: oval:org.mitre.oval:def:18552
 
Oval ID: oval:org.mitre.oval:def:18552
Title: DSA-2597-1 rails - input validation error
Description: joernchen of Phenoelit discovered that rails, an MVC ruby based framework geared for web application development, is not properly treating user-supplied input to <q>find_by_*</q> methods. Depending on how the ruby on rails application is using these methods, this allows an attacker to perform SQL injection attacks, e.g., to bypass authentication if Authlogic is used and the session secret token is known.
Family: unix Class: patch
Reference(s): DSA-2597-1
CVE-2012-6496
CVE-2012-6497
 Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): rails
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12959
 
Oval ID: oval:org.mitre.oval:def:12959
Title: Debian 6.0 is installed
Description: Debian 6.0 (squeeze) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian:6.0
 Version: 6
Platform(s): Debian 6.0
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:18552
Definition Id: oval:org.mitre.oval:def:24894
 
Oval ID: oval:org.mitre.oval:def:24894
Title: Debian GNU/Linux is installed
Description: Debian GNU/Linux is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux
 Version: 3
Platform(s): Debian GNU/Linux
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:18552
Definition Id: oval:org.mitre.oval:def:24698
 
Oval ID: oval:org.mitre.oval:def:24698
Title: Debian GNU/kFreeBSD is installed
Description: Debian GNU/kFreeBSD is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/kfreebsd
 Version: 3
Platform(s): Debian GNU/kFreeBSD
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:18552