Lucene search

[email protected]CVE-2014-2538

HistoryMar 25, 2014 - 6:21 p.m.

CVE-2014-2538

2014-03-2518:21:48

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-2538

cross-site scripting

xss vulnerability

rack-ssl gem

ruby

remote attackers

arbitrary web script

html

uri

jruby-rack

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.

Affected configurations

NVD

Node

joshua_peekrack-sslRange≤1.3.4ruby

joshua_peekrack-sslMatch1.0.0ruby

joshua_peekrack-sslMatch1.1.0ruby

joshua_peekrack-sslMatch1.2.0ruby

joshua_peekrack-sslMatch1.3.0ruby

joshua_peekrack-sslMatch1.3.1ruby

joshua_peekrack-sslMatch1.3.2ruby

joshua_peekrack-sslMatch1.3.3ruby

CPENameOperatorVersion
joshua_peek:rack-ssljoshua peek rack-sslle1.3.4
joshua_peek:rack-ssljoshua peek rack-ssleq1.0.0
joshua_peek:rack-ssljoshua peek rack-ssleq1.1.0
joshua_peek:rack-ssljoshua peek rack-ssleq1.2.0
joshua_peek:rack-ssljoshua peek rack-ssleq1.3.0
joshua_peek:rack-ssljoshua peek rack-ssleq1.3.1
joshua_peek:rack-ssljoshua peek rack-ssleq1.3.2
joshua_peek:rack-ssljoshua peek rack-ssleq1.3.3

CPE	Name	Operator	Version
joshua_peek:rack-ssl	joshua peek rack-ssl	le	1.3.4
joshua_peek:rack-ssl	joshua peek rack-ssl	eq	1.0.0
joshua_peek:rack-ssl	joshua peek rack-ssl	eq	1.1.0
joshua_peek:rack-ssl	joshua peek rack-ssl	eq	1.2.0
joshua_peek:rack-ssl	joshua peek rack-ssl	eq	1.3.0
joshua_peek:rack-ssl	joshua peek rack-ssl	eq	1.3.1
joshua_peek:rack-ssl	joshua peek rack-ssl	eq	1.3.2
joshua_peek:rack-ssl	joshua peek rack-ssl	eq	1.3.3