ID: CVE-2012-6708
Type: cve
Reporter: cve@mitre.org
Modified: 2019-06-10T23:29:00
Description
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
{"id": "CVE-2012-6708", "bulletinFamily": "NVD", "title": "CVE-2012-6708", "description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.", "published": "2018-01-18T23:29:00", "modified": "2019-06-10T23:29:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6708", "reporter": "cve@mitre.org", "references": ["https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "http://www.securityfocus.com/bid/102792", "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", "https://snyk.io/vuln/npm:jquery:20120206", "https://bugs.jquery.com/ticket/11290", "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"], "cvelist": ["CVE-2012-6708"], "type": "cve", "lastseen": "2020-12-09T19:47:27", "edition": 10, "viewCount": 174, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": 
["F5:K62532311"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL62532311.NASL", "OPENSUSE-2020-395.NASL", "IBM_TEM_9_5_12.NASL", "ALA_ALAS-2020-1422.NASL", "JQUERY_1_9_0.NASL", "FREEBSD_PKG_ED8D5535CA7811E9980B999FF59C22EA.NASL", "SUSE_SU-2020-0737-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310141636", "OPENVAS:1361412562310853086"]}, {"type": "freebsd", "idList": ["ED8D5535-CA78-11E9-980B-999FF59C22EA"]}, {"type": "hackerone", "idList": ["H1:519061"]}, {"type": "archlinux", "idList": ["ASA-201910-4", "ASA-201910-5"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0395-1"]}, {"type": "amazon", "idList": ["ALAS-2020-1422"]}], "modified": "2020-12-09T19:47:27", "rev": 2}, "score": {"value": 4.1, "vector": "NONE", "modified": "2020-12-09T19:47:27", "rev": 2}, "vulnersScore": 4.1}, "cpe": [], "affectedSoftware": [{"cpeName": "jquery:jquery", "name": "jquery", "operator": "lt", "version": "1.9.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": 
"cpe:2.3:a:jquery:jquery:1.9.0:*:*:*:*:*:*:*", "versionEndExcluding": "1.9.0", "vulnerable": true}], "operator": "OR"}]}}
{"f5": [{"lastseen": "2020-04-06T22:39:56", "bulletinFamily": "software", "cvelist": ["CVE-2012-6708"], "description": "\nF5 Product Development has assigned ID 749324 (BIG-IP), and JIRA ID's CPF-25008 and CPF-250009 (Traffix SDC) to this vulnerability. Additionally, [BIG-IP iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H62532311 on the **Diagnostics** > **Identified** > **Low** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | None | 15.0.0 | Low | [3.1](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L>) | Configuration utility \n14.x | 14.1.0 \n14.0.0 - 14.0.12 | 14.1.2.3 \n13.x | 13.0.0 - 13.1.3 | 13.1.3.2 \n12.x | 12.1.0 - 12.1.3 | None \n11.x | 11.2.1 - 11.6.3 | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N>) | 
WebUI \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2 F5 will not be developing a fix for the 14.0.x software branches, and this table will not be updated with subsequent vulnerable releases in these branches. For more information, refer to [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-12-23T21:16:00", "published": "2018-11-28T03:09:00", "id": "F5:K62532311", "href": "https://support.f5.com/csp/article/K62532311", "title": "jQuery vulnerability CVE-2012-6708", "type": "f5", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2020-09-14T13:54:58", "description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS)\nattacks. The jQuery(strInput) function does not differentiate\nselectors from HTML in a reliable fashion. In vulnerable versions,\njQuery determined whether the input was HTML by looking for the '<'\ncharacter anywhere in the string, giving attackers more flexibility\nwhen attempting to construct a malicious payload. In fixed versions,\njQuery only deems the input to be HTML if it explicitly starts with\nthe '<' character, limiting exploitability only to attackers who can\ncontrol the beginning of a string, which is far less common.\n(CVE-2012-6708)\n\nImpact\n\nThis vulnerability allows an authenticated user to perform an\nunauthorized modification.", "edition": 9, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2019-05-29T00:00:00", "title": "F5 Networks BIG-IP : jQuery vulnerability (K62532311)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6708"], "modified": "2019-05-29T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL62532311.NASL", "href": "https://www.tenable.com/plugins/nessus/125483", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K62532311.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(125483);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/02\");\n\n script_cve_id(\"CVE-2012-6708\");\n\n script_name(english:\"F5 Networks BIG-IP : jQuery vulnerability (K62532311)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS)\nattacks. The jQuery(strInput) function does not differentiate\nselectors from HTML in a reliable fashion. In vulnerable versions,\njQuery determined whether the input was HTML by looking for the '<'\ncharacter anywhere in the string, giving attackers more flexibility\nwhen attempting to construct a malicious payload. In fixed versions,\njQuery only deems the input to be HTML if it explicitly starts with\nthe '<' character, limiting exploitability only to attackers who can\ncontrol the beginning of a string, which is far less common.\n(CVE-2012-6708)\n\nImpact\n\nThis vulnerability allows an authenticated user to perform an\nunauthorized modification.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K62532311\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K62532311.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! 
version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K62532311\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n# LC\nvmatrix[\"LC\"] = 
make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"14.1.0-14.1.2\",\"14.0.0-14.0.1\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-04-04T00:32:54", "description": "According to the self-reported version in the script, the\nversion of JQuery hosted on the remote web server is \nprior to 1.9.0. 
It is, therefore, affected by a cross site\nscripting vulnerability.", "edition": 2, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-03-31T00:00:00", "title": "JQuery < 1.9.0 XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6708"], "modified": "2020-03-31T00:00:00", "cpe": [], "id": "JQUERY_1_9_0.NASL", "href": "https://www.tenable.com/plugins/nessus/135011", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135011);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/02\");\n\n script_cve_id(\"CVE-2012-6708\");\n\n script_name(english:\"JQuery < 1.9.0 XSS\");\n script_summary(english:\"Checks the version of JQuery.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a cross site scripting\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the self-reported version in the script, the\nversion of JQuery hosted on the remote web server is \nprior to 1.9.0. 
It is, therefore, affected by a cross site\nscripting vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2012-6708\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to JQuery version 1.9.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-6708\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/31\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"jquery_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/jquery\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"jquery\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:8081);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.9.0\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING,flags:{xss:TRUE});\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T02:46:39", "description": "Ruby news :\n\nThere are multiple vulnerabilities about Cross-Site Scripting (XSS) in\njQuery shipped with RDoc which bundled in Ruby. 
All Ruby users are\nrecommended to update Ruby to the latest release which includes the\nfixed version of RDoc.\n\nThe following vulnerabilities have been reported.\n\nCVE-2012-6708\n\nCVE-2015-9251", "edition": 16, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2019-08-30T00:00:00", "title": "FreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-9251", "CVE-2012-6708"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ruby", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:rubygem-rdoc"], "id": "FREEBSD_PKG_ED8D5535CA7811E9980B999FF59C22EA.NASL", "href": "https://www.tenable.com/plugins/nessus/128404", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128404);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2012-6708\", \"CVE-2015-9251\");\n\n script_name(english:\"FreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby news :\n\nThere are multiple vulnerabilities about Cross-Site Scripting (XSS) in\njQuery shipped with RDoc which bundled in Ruby. 
All Ruby users are\nrecommended to update Ruby to the latest release which includes the\nfixed version of RDoc.\n\nThe following vulnerabilities have been reported.\n\nCVE-2012-6708\n\nCVE-2015-9251\"\n );\n # https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1475b8d4\"\n );\n # https://vuxml.freebsd.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?caf61e14\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=2.4.0,1<2.4.7,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=2.5.0,1<2.5.6,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=2.6.0,1<2.6.3,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rdoc<6.1.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T03:16:20", "description": "According to its self-reported version, the IBM BigFix Platform\napplication running on the remote host is 9.5.x prior to 9.5.12. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An arbitrary file upload vulnerability exists in IBM BigFix\n Platform. An authenticated, remote attacker can exploit this\n to upload arbitrary files on the remote host as the root user.\n (CVE-2019-4013)\n\n - An information disclosure vulnerability exists in IBM BigFix\n Platform due to the PortSmash side-channel attack against\n processors leveraging SMT/Hyper-Threading. An authenticated,\n local attacker can exploit this to disclose potentially \n sensitive information. 
(CVE-2018-5407)\n\n - A cross-site scripting (XSS) vulnerability exists due to \n improper validation of user-supplied input before returning \n it to users. An unauthenticated, remote attacker can exploit \n this, by convincing a user to click a specially crafted URL, \n to execute arbitrary script code in a user's browser session.\n (CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)\n\nIBM BigFix Platform was formerly known as Tivoli Endpoint Manager,\nIBM Endpoint Manager, and IBM BigFix Endpoint Manager.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 18, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-03T00:00:00", "title": "IBM BigFix Platform 9.5.x < 9.5.12 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-9251", "CVE-2012-6708", "CVE-2018-5407", "CVE-2012-5883", "CVE-2019-4013"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:ibm:tivoli_endpoint_manager", "cpe:/a:ibm:bigfix_platform"], "id": "IBM_TEM_9_5_12.NASL", "href": "https://www.tenable.com/plugins/nessus/124565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124565);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/10/30 13:24:47\");\n\n script_cve_id(\n \"CVE-2012-5883\",\n \"CVE-2012-6708\",\n \"CVE-2015-9251\",\n \"CVE-2018-5407\",\n \"CVE-2019-4013\"\n );\n script_bugtraq_id(\n 102792,\n 105658,\n 105897,\n 107870,\n 56385\n );\n script_xref(name:\"IAVB\", value:\"2019-B-0029\");\n\n script_name(english:\"IBM BigFix Platform 9.5.x < 9.5.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of the IBM BigFix Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An infrastructure management application running on the remote host\nis affected by multiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IBM BigFix Platform\napplication running on the remote host is 9.5.x prior to 9.5.12. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An arbitrary file upload vulnerability exists in IBM BigFix\n Platform. An authenticated, remote attacker can exploit this\n to upload arbitrary files on the remote host as the root user.\n (CVE-2019-4013)\n\n - An information disclosure vulnerability exists in IBM BigFix\n Platform due to the PortSmash side-channel attack against\n processors leveraging SMT/Hyper-Threading. An authenticated,\n local attacker can exploit this to disclose potentially \n sensitive information. (CVE-2018-5407)\n\n - A cross-site scripting (XSS) vulnerability exists due to \n improper validation of user-supplied input before returning \n it to users. An unauthenticated, remote attacker can exploit \n this, by convincing a user to click a specially crafted URL, \n to execute arbitrary script code in a user's browser session.\n (CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)\n\nIBM BigFix Platform was formerly known as Tivoli Endpoint Manager,\nIBM Endpoint Manager, and IBM BigFix Endpoint Manager.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www-01.ibm.com/support/docview.wss?uid=ibm10874666\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?11913efb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM BigFix Platform version 9.5.12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", 
value:\"CVE-2019-4013\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_endpoint_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:bigfix_platform\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_tem_detect.nasl\");\n script_require_keys(\"www/BigFixHTTPServer\");\n script_require_ports(\"Services/www\", 52311);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"http.inc\");\n\napp = \"IBM BigFix Server\";\nport = get_http_port(default:52311, embedded:FALSE);\n\nkb_version = \"www/BigFixHTTPServer/\"+port+\"/version\";\nversion = get_kb_item_or_exit(kb_version);\n\nif (version == UNKNOWN_VER)\n audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app, port);\n\napp_info = vcf::get_app_info(\n app:app,\n port:port,\n kb_ver:kb_version,\n service:TRUE\n);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"9.5\", \"fixed_version\" : \"9.5.12\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{xss:TRUE});\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-22T03:50:37", "description": "This update for ruby2.5 toversion 2.5.7 
fixes the following issues:\n	 ruby 2.5 was updated to version 2.5.7 \n\n - CVE-2020-8130: Fixed a command injection in intree copy\n of rake (bsc#1164804).\n\n - CVE-2019-16255: Fixed a code injection vulnerability of\n Shell#[] and Shell#test (bsc#1152990).\n\n - CVE-2019-16254: Fixed am HTTP response splitting in\n WEBrick (bsc#1152992).\n\n - CVE-2019-15845: Fixed a null injection vulnerability of\n File.fnmatch and File.fnmatch? (bsc#1152994).\n\n - CVE-2019-16201: Fixed a regular expression denial of\n service of WEBrick Digest access authentication\n (bsc#1152995).\n\n - CVE-2012-6708: Fixed an XSS in JQuery\n\n - CVE-2015-9251: Fixed an XSS in JQuery\n\n - Fixed unit tests (bsc#1140844)\n\n - Removed some unneeded test files (bsc#1162396).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 4, "cvss3": {"score": 6.4, "vector": "AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-02T00:00:00", "title": "openSUSE Security Update : ruby2.5 (openSUSE-2020-395)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15845", "CVE-2015-9251", "CVE-2012-6708", "CVE-2020-8130", "CVE-2019-16255", "CVE-2019-16254", "CVE-2019-16201"], "modified": "2020-04-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-debugsource", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:ruby2.5-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.5-devel-extra", "p-cpe:/a:novell:opensuse:ruby2.5-stdlib-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.5-doc-ri", "p-cpe:/a:novell:opensuse:libruby2_5-2_5-debuginfo", "p-cpe:/a:novell:opensuse:libruby2_5-2_5", "p-cpe:/a:novell:opensuse:ruby2.5", "p-cpe:/a:novell:opensuse:ruby2.5-stdlib", "p-cpe:/a:novell:opensuse:ruby2.5-devel"], "id": "OPENSUSE-2020-395.NASL", "href": "https://www.tenable.com/plugins/nessus/135161", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update 
openSUSE-2020-395.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135161);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/21\");\n\n script_cve_id(\"CVE-2012-6708\", \"CVE-2015-9251\", \"CVE-2019-15845\", \"CVE-2019-16201\", \"CVE-2019-16254\", \"CVE-2019-16255\", \"CVE-2020-8130\");\n\n script_name(english:\"openSUSE Security Update : ruby2.5 (openSUSE-2020-395)\");\n script_summary(english:\"Check for the openSUSE-2020-395 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ruby2.5 toversion 2.5.7 fixes the following issues:\n	 ruby 2.5 was updated to version 2.5.7 \n\n - CVE-2020-8130: Fixed a command injection in intree copy\n of rake (bsc#1164804).\n\n - CVE-2019-16255: Fixed a code injection vulnerability of\n Shell#[] and Shell#test (bsc#1152990).\n\n - CVE-2019-16254: Fixed am HTTP response splitting in\n WEBrick (bsc#1152992).\n\n - CVE-2019-15845: Fixed a null injection vulnerability of\n File.fnmatch and File.fnmatch? 
(bsc#1152994).\n\n - CVE-2019-16201: Fixed a regular expression denial of\n service of WEBrick Digest access authentication\n (bsc#1152995).\n\n - CVE-2012-6708: Fixed an XSS in JQuery\n\n - CVE-2015-9251: Fixed an XSS in JQuery\n\n - Fixed unit tests (bsc#1140844)\n\n - Removed some unneeded test files (bsc#1162396).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1162396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1164804\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ruby2.5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8130\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_5-2_5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_5-2_5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libruby2_5-2_5-2.5.7-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libruby2_5-2_5-debuginfo-2.5.7-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-2.5.7-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-debuginfo-2.5.7-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-debugsource-2.5.7-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-devel-2.5.7-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-devel-extra-2.5.7-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-doc-ri-2.5.7-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-stdlib-2.5.7-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-stdlib-debuginfo-2.5.7-lp151.4.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby2_5-2_5 / libruby2_5-2_5-debuginfo / ruby2.5 / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:26:35", "description": "This update for ruby2.5 toversion 2.5.7 fixes the following issues :\n\nruby 2.5 was updated to version 2.5.7\n\nCVE-2020-8130: Fixed a command injection in intree copy of rake\n(bsc#1164804).\n\nCVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and\nShell#test (bsc#1152990).\n\nCVE-2019-16254: Fixed am HTTP response splitting in WEBrick\n(bsc#1152992).\n\nCVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch\nand File.fnmatch? (bsc#1152994).\n\nCVE-2019-16201: Fixed a regular expression denial of service of\nWEBrick Digest access authentication (bsc#1152995).\n\nCVE-2012-6708: Fixed an XSS in JQuery\n\nCVE-2015-9251: Fixed an XSS in JQuery\n\nFixed unit tests (bsc#1140844)\n\nRemoved some unneeded test files (bsc#1162396).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 6.4, "vector": "AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-23T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : Recommended update for ruby2.5 (SUSE-SU-2020:0737-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15845", "CVE-2015-9251", "CVE-2012-6708", "CVE-2020-8130", "CVE-2019-16255", "CVE-2019-16254", "CVE-2019-16201"], "modified": "2020-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ruby2.5-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:ruby2.5-debugsource", "p-cpe:/a:novell:suse_linux:ruby2.5-doc", "p-cpe:/a:novell:suse_linux:libruby2_5-2_5-debuginfo", "p-cpe:/a:novell:suse_linux:ruby2.5-devel-extra", "p-cpe:/a:novell:suse_linux:ruby2.5-stdlib", "p-cpe:/a:novell:suse_linux:ruby2.5-stdlib-debuginfo", "p-cpe:/a:novell:suse_linux:libruby2_5", "p-cpe:/a:novell:suse_linux:ruby2.5-devel", "p-cpe:/a:novell:suse_linux:ruby2.5"], "id": "SUSE_SU-2020-0737-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134824", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0737-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134824);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2012-6708\", \"CVE-2015-9251\", \"CVE-2019-15845\", \"CVE-2019-16201\", \"CVE-2019-16254\", \"CVE-2019-16255\", \"CVE-2020-8130\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : Recommended update for ruby2.5 (SUSE-SU-2020:0737-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The 
remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ruby2.5 toversion 2.5.7 fixes the following issues :\n\nruby 2.5 was updated to version 2.5.7\n\nCVE-2020-8130: Fixed a command injection in intree copy of rake\n(bsc#1164804).\n\nCVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and\nShell#test (bsc#1152990).\n\nCVE-2019-16254: Fixed am HTTP response splitting in WEBrick\n(bsc#1152992).\n\nCVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch\nand File.fnmatch? (bsc#1152994).\n\nCVE-2019-16201: Fixed a regular expression denial of service of\nWEBrick Digest access authentication (bsc#1152995).\n\nCVE-2012-6708: Fixed an XSS in JQuery\n\nCVE-2015-9251: Fixed an XSS in JQuery\n\nFixed unit tests (bsc#1140844)\n\nRemoved some unneeded test files (bsc#1162396).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6708/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-9251/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15845/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16201/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16254/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16255/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8130/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200737-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74db8108\"\n );\n script_set_attribute(\n attribute:\"solution\",\n 
value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15:zypper in -t patch\nSUSE-SLE-Product-SLES_SAP-15-2020-737=1\n\nSUSE Linux Enterprise Server 15-LTSS:zypper in -t patch\nSUSE-SLE-Product-SLES-15-2020-737=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-737=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2020-737=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS:zypper in -t\npatch SUSE-SLE-Product-HPC-15-2020-737=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS:zypper in -t\npatch SUSE-SLE-Product-HPC-15-2020-737=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8130\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_5-2_5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:ruby2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libruby2_5-2_5-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libruby2_5-2_5-debuginfo-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-debuginfo-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-debugsource-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-devel-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-devel-extra-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-doc-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-stdlib-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-stdlib-debuginfo-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libruby2_5-2_5-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libruby2_5-2_5-debuginfo-2.5.7-4.8.1\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"ruby2.5-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"ruby2.5-debuginfo-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"ruby2.5-debugsource-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"ruby2.5-devel-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"ruby2.5-devel-extra-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"ruby2.5-stdlib-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"ruby2.5-stdlib-debuginfo-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libruby2_5-2_5-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libruby2_5-2_5-debuginfo-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-debuginfo-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-debugsource-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-devel-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-devel-extra-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-doc-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-stdlib-2.5.7-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-stdlib-debuginfo-2.5.7-4.8.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Recommended update for ruby2.5\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T13:15:17", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1422 advisory.\n\n - jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function\n does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery\n determined whether the input was HTML by looking for the '<' character anywhere in the string, giving\n attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery\n only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability\n only to attackers who can control the beginning of a string, which is far less common. (CVE-2012-6708)\n\n - The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to\n cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a\n crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as\n demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation\n Vulnerability. (CVE-2013-0269)\n\n - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request\n is performed without the dataType option, causing text/javascript responses to be executed.\n (CVE-2015-9251)\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows\n an HTTP Response Splitting attack. 
An attacker can inject a crafted key and value into an HTTP response\n for the HTTP server of WEBrick. (CVE-2017-17742)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within\n File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server\n that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a\n program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to\n insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this\n issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not\n address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first\n argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An\n attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. 
(CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {}, "published": "2020-08-31T00:00:00", "title": "Amazon Linux AMI : ruby24 (ALAS-2020-1422)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15845", "CVE-2015-9251", "CVE-2012-6708", "CVE-2017-17742", "CVE-2013-0269", "CVE-2020-10663", "CVE-2019-16255", "CVE-2019-16254", "CVE-2019-16201"], "modified": "2020-08-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:rubygem24-power_assert", "p-cpe:/a:amazon:linux:rubygem24-net-telnet", "p-cpe:/a:amazon:linux:rubygem24-rdoc", "p-cpe:/a:amazon:linux:rubygem24-xmlrpc", "p-cpe:/a:amazon:linux:ruby24", "p-cpe:/a:amazon:linux:ruby24-doc", "p-cpe:/a:amazon:linux:ruby24-irb", "p-cpe:/a:amazon:linux:rubygem24-did_you_mean", "p-cpe:/a:amazon:linux:ruby24-debuginfo", "p-cpe:/a:amazon:linux:rubygem24-io-console", "p-cpe:/a:amazon:linux:ruby24-devel", "p-cpe:/a:amazon:linux:rubygems24", "p-cpe:/a:amazon:linux:rubygems24-devel", "p-cpe:/a:amazon:linux:rubygem24-test-unit", "p-cpe:/a:amazon:linux:rubygem24-psych", "p-cpe:/a:amazon:linux:rubygem24-bigdecimal", "p-cpe:/a:amazon:linux:rubygem24-json", "p-cpe:/a:amazon:linux:ruby24-libs", "p-cpe:/a:amazon:linux:rubygem24-minitest5", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1422.NASL", "href": "https://www.tenable.com/plugins/nessus/140096", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1422.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140096);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/31\");\n\n script_cve_id(\n \"CVE-2012-6708\",\n \"CVE-2013-0269\",\n \"CVE-2015-9251\",\n \"CVE-2017-17742\",\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16254\",\n \"CVE-2019-16255\",\n 
\"CVE-2020-10663\"\n );\n script_bugtraq_id(\n 102792,\n 57899,\n 105658,\n 103684\n );\n script_xref(name:\"ALAS\", value:\"2020-1422\");\n\n script_name(english:\"Amazon Linux AMI : ruby24 (ALAS-2020-1422)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1422 advisory.\n\n - jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function\n does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery\n determined whether the input was HTML by looking for the '<' character anywhere in the string, giving\n attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery\n only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability\n only to attackers who can control the beginning of a string, which is far less common. (CVE-2012-6708)\n\n - The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to\n cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a\n crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as\n demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation\n Vulnerability. 
(CVE-2013-0269)\n\n - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request\n is performed without the dataType option, causing text/javascript responses to be executed.\n (CVE-2015-9251)\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows\n an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response\n for the HTTP server of WEBrick. (CVE-2017-17742)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within\n File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server\n that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a\n program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to\n insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this\n issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not\n address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first\n argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An\n attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. 
This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1422.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2012-6708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2015-9251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10663\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update ruby24' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0269\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2020/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-minitest5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-net-telnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-power_assert\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-test-unit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'ruby24-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby24-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby24-debuginfo-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby24-debuginfo-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby24-devel-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby24-devel-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby24-doc-2.4.10-2.12.amzn1', 'release':'ALA'},\n {'reference':'ruby24-irb-2.4.10-2.12.amzn1', 'release':'ALA'},\n {'reference':'ruby24-libs-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby24-libs-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-bigdecimal-1.3.2-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-bigdecimal-1.3.2-2.12.amzn1', 
'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-did_you_mean-1.1.0-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-io-console-0.4.6-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-io-console-0.4.6-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-json-2.0.4-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-json-2.0.4-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-minitest5-5.10.1-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-net-telnet-0.1.1-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-net-telnet-0.1.1-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-power_assert-0.4.1-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-psych-2.2.2-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-psych-2.2.2-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-rdoc-5.0.1-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-test-unit-3.2.3-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-xmlrpc-0.2.1-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-xmlrpc-0.2.1-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygems24-2.6.14.4-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygems24-devel-2.6.14.4-2.12.amzn1', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = 
package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby24 / ruby24-debuginfo / ruby24-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-08-28T15:09:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6708"], "description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The\njQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable\nversions, jQuery determined whether the input was HTML by looking for the ", "modified": "2019-08-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310141636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310141636", "type": "openvas", "title": "jQuery < 1.9.0 XSS Vulnerability", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# jQuery < 1.9.0 XSS Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:jquery:jquery\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.141636\");\n script_version(\"2019-08-27T12:52:16+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-27 12:52:16 +0000 (Tue, 27 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 16:13:37 +0700 (Thu, 01 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2012-6708\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"jQuery < 1.9.0 XSS Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_jquery_detect.nasl\");\n script_mandatory_keys(\"jquery/detected\");\n\n script_tag(name:\"summary\", value:\"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The\njQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable\nversions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string,\ngiving attackers more flexibility when attempting to construct a malicious payload. 
In fixed versions, jQuery only\ndeems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to\nattackers who can control the beginning of a string, which is far less common.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"jQuery prior to version 1.9.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 1.9.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://bugs.jquery.com/ticket/11290\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\n\nif (version_is_less(version: version, test_version: \"1.9.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.9.0\", install_path: infos[\"location\"]);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-21T19:30:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15845", "CVE-2015-9251", "CVE-2012-6708", "CVE-2020-8130", "CVE-2019-16255", "CVE-2019-16254", "CVE-2019-16201"], "description": "The remote host is missing an update for the ", "modified": "2020-07-03T00:00:00", "published": "2020-03-29T00:00:00", "id": "OPENVAS:1361412562310853086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853086", "type": "openvas", "title": "openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0395-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853086\");\n script_version(\"2020-07-03T07:30:29+0000\");\n script_cve_id(\"CVE-2012-6708\", \"CVE-2015-9251\", \"CVE-2019-15845\", \"CVE-2019-16201\", \"CVE-2019-16254\", \"CVE-2019-16255\", \"CVE-2020-8130\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-03 07:30:29 +0000 (Fri, 03 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-29 03:02:16 +0000 (Sun, 29 Mar 2020)\");\n script_name(\"openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0395-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0395-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Recommended'\n package(s) announced via the openSUSE-SU-2020:0395-1 
advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ruby2.5 to version 2.5.7 fixes the following issues:\n\n ruby 2.5 was updated to version 2.5.7\n\n - CVE-2020-8130: Fixed a command injection in intree copy of rake\n (bsc#1164804).\n\n - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and\n Shell#test (bsc#1152990).\n\n - CVE-2019-16254: Fixed an HTTP response splitting in WEBrick\n (bsc#1152992).\n\n - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and\n File.fnmatch? (bsc#1152994).\n\n - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick\n Digest access authentication (bsc#1152995).\n\n - CVE-2012-6708: Fixed an XSS in JQuery\n\n - CVE-2015-9251: Fixed an XSS in JQuery\n\n - Fixed unit tests (bsc#1140844)\n\n - Removed some unneeded test files (bsc#1162396).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-395=1\");\n\n script_tag(name:\"affected\", value:\"'Recommended' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-doc-ri\", rpm:\"ruby2.5-doc-ri~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_5-2_5\", rpm:\"libruby2_5-2_5~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_5-2_5-debuginfo\", rpm:\"libruby2_5-2_5-debuginfo~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5\", rpm:\"ruby2.5~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-debuginfo\", rpm:\"ruby2.5-debuginfo~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-debugsource\", rpm:\"ruby2.5-debugsource~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-devel\", rpm:\"ruby2.5-devel~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-devel-extra\", rpm:\"ruby2.5-devel-extra~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-doc\", rpm:\"ruby2.5-doc~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-stdlib\", rpm:\"ruby2.5-stdlib~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"uby2.5-stdlib-debuginfo\", rpm:\"uby2.5-stdlib-debuginfo~2.5.7~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2019-08-31T13:40:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-9251", "CVE-2012-6708"], "description": "\nRuby news:\n\nThere are multiple vulnerabilities about Cross-Site Scripting (XSS) in\n\t jQuery shipped with RDoc which bundled in Ruby. 
All Ruby users are\n\t recommended to update Ruby to the latest release which includes the\n\t fixed version of RDoc.\nThe following vulnerabilities have been reported.\nCVE-2012-6708\nCVE-2015-9251\n\n", "edition": 2, "modified": "2019-08-31T00:00:00", "published": "2019-08-28T00:00:00", "id": "ED8D5535-CA78-11E9-980B-999FF59C22EA", "href": "https://vuxml.freebsd.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html", "title": "RDoc -- multiple jQuery vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6708", "CVE-2015-9251"], "description": "Arch Linux Security Advisory ASA-201910-4\n=========================================\n\nSeverity: Medium\nDate : 2019-10-02\nCVE-ID : CVE-2012-6708 CVE-2015-9251\nPackage : ruby-rdoc\nType : cross-site scripting\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1041\n\nSummary\n=======\n\nThe package ruby-rdoc before version 6.1.2-1 is vulnerable to cross-\nsite scripting.\n\nResolution\n==========\n\nUpgrade to 6.1.2-1.\n\n# pacman -Syu \"ruby-rdoc>=6.1.2-1\"\n\nThe problems have been fixed upstream in version 6.1.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2012-6708 (cross-site scripting)\n\njQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS)\nattacks. The jQuery(strInput) function does not differentiate selectors\nfrom HTML in a reliable fashion. In vulnerable versions, jQuery\ndetermined whether the input was HTML by looking for the '<' character\nanywhere in the string, giving attackers more flexibility when\nattempting to construct a malicious payload. 
In fixed versions, jQuery\nonly deems the input to be HTML if it explicitly starts with the '<'\ncharacter, limiting exploitability only to attackers who can control\nthe beginning of a string, which is far less common.\n\n- CVE-2015-9251 (cross-site scripting)\n\njQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks\nwhen a cross-domain Ajax request is performed without the dataType\noption, causing text/javascript responses to be executed.\n\nImpact\n======\n\nAn attacker is able to perform cross-site scripting attacks by tricking\nusers to generate documentation with a vulnerable RDoc version. RDoc is\na static documentation generation tool, patching the tool itself is\ninsufficient to mitigate these vulnerabilities. Documentations\ngenerated with previous versions have to be re-generated with newer\nRDoc.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/63978\nhttps://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/\nhttps://bugs.jquery.com/ticket/11290\nhttps://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d\nhttps://github.com/jquery/jquery/issues/2432\nhttps://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc\nhttps://security.archlinux.org/CVE-2012-6708\nhttps://security.archlinux.org/CVE-2015-9251", "modified": "2019-10-02T00:00:00", "published": "2019-10-02T00:00:00", "id": "ASA-201910-4", "href": "https://security.archlinux.org/ASA-201910-4", "type": "archlinux", "title": "[ASA-201910-4] ruby-rdoc: cross-site scripting", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6708", "CVE-2015-9251", "CVE-2017-17742", "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255"], "description": "Arch Linux Security Advisory ASA-201910-5\n=========================================\n\nSeverity: Medium\nDate : 2019-10-02\nCVE-ID : CVE-2012-6708 
CVE-2015-9251 CVE-2019-15845 CVE-2019-16201\nCVE-2019-16254 CVE-2019-16255\nPackage : ruby2.5\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1040\n\nSummary\n=======\n\nThe package ruby2.5 before version 2.5.7-1 is vulnerable to multiple\nissues including arbitrary code execution, content spoofing, cross-site\nscripting, denial of service and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 2.5.7-1.\n\n# pacman -Syu \"ruby2.5>=2.5.7-1\"\n\nThe problems have been fixed upstream in version 2.5.7.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2012-6708 (cross-site scripting)\n\njQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS)\nattacks. The jQuery(strInput) function does not differentiate selectors\nfrom HTML in a reliable fashion. In vulnerable versions, jQuery\ndetermined whether the input was HTML by looking for the '<' character\nanywhere in the string, giving attackers more flexibility when\nattempting to construct a malicious payload. In fixed versions, jQuery\nonly deems the input to be HTML if it explicitly starts with the '<'\ncharacter, limiting exploitability only to attackers who can control\nthe beginning of a string, which is far less common.\n\n- CVE-2015-9251 (cross-site scripting)\n\njQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks\nwhen a cross-domain Ajax request is performed without the dataType\noption, causing text/javascript responses to be executed.\n\n- CVE-2019-15845 (insufficient validation)\n\nIt has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is\nvulnerable to NUL injection in built-in methods (File.fnmatch and\nFile.fnmatch?). An attacker who has the control of the path pattern\nparameter could exploit this vulnerability to make path matching pass\ndespite the intention of the program author.\nThe Built-in methods File.fnmatch and its alias File.fnmatch? accept\nthe path pattern as their first parameter. 
When the pattern contains\nNUL character (\\0), the methods recognize that the path pattern ends\nimmediately before the NUL byte. Therefore, a script that uses an\nexternal input as the pattern argument, an attacker can make it wrongly\nmatch a pathname that is the second parameter.\n\n- CVE-2019-16201 (denial of service)\n\nIt has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is\nvulnerable to denial of service via regular expressions in WEBrick's\nDigest access authentication module. An attacker can exploit this\nvulnerability to cause an effective denial of service against a WEBrick\nservice.\n\n- CVE-2019-16254 (content spoofing)\n\nIt has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is\nvulnerable to HTTP response splitting in WEBrick bundled with Ruby. If\na program using WEBrick inserts untrusted input into the response\nheader, an attacker can exploit it to insert a newline character to\nsplit a header, and inject malicious content to deceive clients.\nThis is the same issue as CVE-2017-17742. The previous fix was\nincomplete, which addressed the CRLF vector, but did not address an\nisolated CR or an isolated LF.\n\n- CVE-2019-16255 (arbitrary code execution)\n\nIt has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is\nvulnerable to code injection. Shell#[] and its alias Shell#test defined\nin lib/shell.rb allow code injection if the first argument (aka the\n\u201ccommand\u201d argument) is untrusted data. An attacker can exploit this to\ncall an arbitrary Ruby method.\n\nImpact\n======\n\nA remote attacker is able to bypass path restrictions, perform a denial\nof service attack, inject malicious content or call an arbitrary Ruby\nmethod under certain circumstances. Furthermore, an attacker is able to\nperform cross-site scripting attacks by tricking users to generate\ndocumentation with a vulnerable RDoc version. 
RDoc is a static\ndocumentation generation tool, patching the tool itself is insufficient\nto mitigate these vulnerabilities. Documentations generated with\nprevious versions have to be re-generated with newer RDoc.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/63977\nhttps://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/\nhttps://bugs.jquery.com/ticket/11290\nhttps://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d\nhttps://github.com/jquery/jquery/issues/2432\nhttps://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc\nhttps://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/\nhttps://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/\nhttps://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/\nhttps://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/\nhttps://security.archlinux.org/CVE-2012-6708\nhttps://security.archlinux.org/CVE-2015-9251\nhttps://security.archlinux.org/CVE-2019-15845\nhttps://security.archlinux.org/CVE-2019-16201\nhttps://security.archlinux.org/CVE-2019-16254\nhttps://security.archlinux.org/CVE-2019-16255", "modified": "2019-10-02T00:00:00", "published": "2019-10-02T00:00:00", "id": "ASA-201910-5", "href": "https://security.archlinux.org/ASA-201910-5", "type": "archlinux", "title": "[ASA-201910-5] ruby2.5: multiple issues", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "hackerone": [{"lastseen": "2019-10-03T11:31:40", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": ["CVE-2012-6708", "CVE-2015-9251"], "description": "No this isn't a report about the website!\n\nRuby ships Darkfish as part of RDoc\n\nhttps://github.com/ruby/ruby/tree/HEAD/lib/rdoc/generator/template/darkfish\nhttps://github.com/ruby/rdoc/tree/master/lib/rdoc/generator/template/darkfish\nhttps://github.com/ged/darkfish\n\nDarkfish includes jQuery v1.6.4, 
which is vulnerable to multiple CVEs, for example\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6708\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\n\nNow I'm not sure how applicable these CVEs are to the generated HTML, or how likely it is someone would use the jQuery from this file in the rest of their site accidentally by including generated HTML, but I do think it's a problem to be shipping a version of jQuery that is getting towards a decade old.\n\nMaybe Darkfish should update? But who's going to do that work?\n\nMaybe we shouldn't ship Darkfish if nobody can update it?\n\nWhat do people think should be done? I ship my own implementation of Ruby and I'm not happy with shipping this old version so may have to remove Darkfish myself.\n\n## Impact\n\nLow. Possibly a risk that someone includes RDoc generated HTML on their site and accidentally uses this jQuery for the rest of their site and makes themselves vulnerable to the CVEs.", "modified": "2019-10-03T11:12:26", "published": "2019-03-30T14:10:34", "id": "H1:519061", "href": "https://hackerone.com/reports/519061", "type": "hackerone", "title": "Ruby: Ruby is shipping a vulnerable jQuery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2020-03-29T02:37:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15845", "CVE-2015-9251", "CVE-2012-6708", "CVE-2020-8130", "CVE-2019-16255", "CVE-2019-16254", "CVE-2019-16201"], "description": "This update for ruby2.5 to version 2.5.7 fixes the following issues:\n\n ruby 2.5 was updated to version 2.5.7\n\n - CVE-2020-8130: Fixed a command injection in intree copy of rake\n (bsc#1164804).\n - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and\n Shell#test (bsc#1152990).\n - CVE-2019-16254: Fixed an HTTP response splitting in WEBrick\n (bsc#1152992).\n - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and\n File.fnmatch? 
(bsc#1152994).\n - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick\n Digest access authentication (bsc#1152995).\n - CVE-2012-6708: Fixed an XSS in JQuery\n - CVE-2015-9251: Fixed an XSS in JQuery\n - Fixed unit tests (bsc#1140844)\n - Removed some unneeded test files (bsc#1162396).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-03-29T00:16:31", "published": "2020-03-29T00:16:31", "id": "OPENSUSE-SU-2020:0395-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", "title": "Recommended update for ruby2.5 (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:48", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15845", "CVE-2015-9251", "CVE-2012-6708", "CVE-2017-17742", "CVE-2013-0269", "CVE-2020-10663", "CVE-2019-16255", "CVE-2019-16254", "CVE-2019-16201"], "description": "**Issue Overview:**\n\nRuby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for [CVE-2017-17742 __](<https://access.redhat.com/security/cve/CVE-2017-17742>), which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. ([CVE-2019-16254 __](<https://access.redhat.com/security/cve/CVE-2019-16254>))\n\nRuby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. 
([CVE-2019-16255 __](<https://access.redhat.com/security/cve/CVE-2019-16255>))\n\njQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. ([CVE-2015-9251 __](<https://access.redhat.com/security/cve/CVE-2015-9251>))\n\nThe JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to [CVE-2013-0269 __](<https://access.redhat.com/security/cve/CVE-2013-0269>), but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. ([CVE-2020-10663 __](<https://access.redhat.com/security/cve/CVE-2020-10663>))\n\njQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. ([CVE-2012-6708 __](<https://access.redhat.com/security/cve/CVE-2012-6708>))\n\nWEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network. 
([CVE-2019-16201 __](<https://access.redhat.com/security/cve/CVE-2019-16201>))\n\nRuby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby script access unexpected files and to bypass intended file system access restrictions. ([CVE-2019-15845 __](<https://access.redhat.com/security/cve/CVE-2019-15845>)) \n\n\n \n**Affected Packages:** \n\n\nruby24\n\n \n**Issue Correction:** \nRun _yum update ruby24_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n rubygem24-psych-2.2.2-2.12.amzn1.i686 \n ruby24-libs-2.4.10-2.12.amzn1.i686 \n rubygem24-bigdecimal-1.3.2-2.12.amzn1.i686 \n ruby24-devel-2.4.10-2.12.amzn1.i686 \n ruby24-debuginfo-2.4.10-2.12.amzn1.i686 \n rubygem24-io-console-0.4.6-2.12.amzn1.i686 \n ruby24-2.4.10-2.12.amzn1.i686 \n rubygem24-xmlrpc-0.2.1-2.12.amzn1.i686 \n rubygem24-net-telnet-0.1.1-2.12.amzn1.i686 \n rubygem24-json-2.0.4-2.12.amzn1.i686 \n \n noarch: \n rubygems24-2.6.14.4-2.12.amzn1.noarch \n rubygem24-did_you_mean-1.1.0-2.12.amzn1.noarch \n rubygems24-devel-2.6.14.4-2.12.amzn1.noarch \n rubygem24-power_assert-0.4.1-2.12.amzn1.noarch \n rubygem24-rdoc-5.0.1-2.12.amzn1.noarch \n rubygem24-minitest5-5.10.1-2.12.amzn1.noarch \n ruby24-irb-2.4.10-2.12.amzn1.noarch \n ruby24-doc-2.4.10-2.12.amzn1.noarch \n rubygem24-test-unit-3.2.3-2.12.amzn1.noarch \n \n src: \n ruby24-2.4.10-2.12.amzn1.src \n \n x86_64: \n ruby24-2.4.10-2.12.amzn1.x86_64 \n rubygem24-bigdecimal-1.3.2-2.12.amzn1.x86_64 \n rubygem24-json-2.0.4-2.12.amzn1.x86_64 \n ruby24-devel-2.4.10-2.12.amzn1.x86_64 \n ruby24-libs-2.4.10-2.12.amzn1.x86_64 \n rubygem24-xmlrpc-0.2.1-2.12.amzn1.x86_64 \n 
ruby24-debuginfo-2.4.10-2.12.amzn1.x86_64 \n rubygem24-psych-2.2.2-2.12.amzn1.x86_64 \n rubygem24-io-console-0.4.6-2.12.amzn1.x86_64 \n rubygem24-net-telnet-0.1.1-2.12.amzn1.x86_64 \n \n \n", "edition": 2, "modified": "2020-08-26T23:09:00", "published": "2020-08-26T23:09:00", "id": "ALAS-2020-1422", "href": "https://alas.aws.amazon.com/ALAS-2020-1422.html", "title": "Important: ruby24", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}