CVE-2013-0155

🗓️ 13 Jan 2013 22:00:00Reported by Debian Security Bug TrackerType

debiancve

debiancve🔗 security-tracker.debian.org👁 45 Views

Ruby on Rails parameter handling vulnerabilit

Reporter	Title	Published	Views	Family All 123
IBM Security Bulletins	Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)	25 Jan 202120:13	–	ibm
ATTACKERKB	CVE-2013-0155	13 Jan 201322:55	–	attackerkb
FreeBSD	rubygem-rails -- multiple vulnerabilities	8 Jan 201300:00	–	freebsd
CVE	CVE-2013-0155	13 Jan 201322:00	–	cve
Cvelist	CVE-2013-0155	13 Jan 201322:00	–	cvelist
Debian	[SECURITY] [DSA 2609-1] rails security update	16 Jan 201321:17	–	debian
Tenable Nessus	Debian DSA-2609-1 : rails - SQL query manipulation	17 Jan 201300:00	–	nessus
Tenable Nessus	Fedora 18 : rubygem-actionpack-3.2.8-2.fc18 / rubygem-activerecord-3.2.8-3.fc18 / etc (2013-0568)	21 Jan 201300:00	–	nessus
Tenable Nessus	Fedora 17 : rubygem-actionpack-3.0.11-8.fc17 / rubygem-activemodel-3.0.11-2.fc17 / etc (2013-0635)	23 Jan 201300:00	–	nessus
Tenable Nessus	Fedora 16 : rubygem-actionpack-3.0.10-10.fc16 / rubygem-activemodel-3.0.10-2.fc16 / etc (2013-0686)	23 Jan 201300:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Debian	11	any	rails	2.3.14.1	rails_2.3.14.1_any.deb
Debian	12	any	rails	2.3.14.1	rails_2.3.14.1_any.deb
Debian	13	any	rails	2.3.14.1	rails_2.3.14.1_any.deb
Debian	14	any	rails	2.3.14.1	rails_2.3.14.1_any.deb
Debian	999	any	rails	2.3.14.1	rails_2.3.14.1_any.deb

13 Jan 2013 22:00Current

7.4High risk

Vulners AI Score7.4

CVSS 26.4

EPSS0.18174

ruby on rails parameter handling database query remote attackers json unix cve-2013-0155