Lucene search

[email protected]CVE-2013-1812

HistoryDec 12, 2013 - 6:55 p.m.

CVE-2013-1812

2013-12-1218:55:10

CWE-399

[email protected]

web.nvd.nist.gov

ruby

openid

gem

2.2.2

denial of service

cpu consumption

xrds

xml entity expansion

xee

attack

nvd

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch17

fedoraprojectfedoraMatch18

Node

janrainruby-openidRange≤2.2.1---ruby

janrainruby-openidMatch2.2.0---ruby

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq17
fedoraproject:fedorafedoraproject fedoraeq18

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	17
fedoraproject:fedora	fedoraproject fedora	eq	18

References

lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html

lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html

www.openwall.com/lists/oss-security/2013/03/03/8

bugzilla.redhat.com/show_bug.cgi?id=918134

github.com/openid/ruby-openid/blob/master/CHANGELOG.md

github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed

github.com/openid/ruby-openid/pull/43

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2013-1812

nessus3 prion1 openvas3 nvd1 fedora2 debiancve1 gentoo1 github1 osv1 cvelist1 ubuntucve1 rosalinux1