{"fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {}, "published": "2012-03-11T17:01:21", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-2.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098", "CVE-2012-1099"], "modified": "2012-03-11T17:01:21", "id": "FEDORA:CDADE2134C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N6WHF6SQ5Y3TBUO3TBYDTP2FUEPUNS7C/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "cvss3": {}, "published": "2012-03-17T23:41:07", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-2.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098", "CVE-2012-1099"], "modified": "2012-03-17T23:41:07", "id": "FEDORA:82B0820F48", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QE7EJFHQWJYIUMX4ZNIIFKKI5SSUTPVE/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {}, "published": "2012-03-17T23:41:07", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-3.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099"], "modified": "2012-03-17T23:41:07", "id": "FEDORA:79C4F20EDE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W4HJDZAS2H3XAC2RZCOZZJJ7X5OHVONL/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {}, "published": "2012-06-15T00:29:09", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-6.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660"], "modified": "2012-06-15T00:29:09", "id": "FEDORA:1946120C02", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BEM57EL4ADZIMINYCH6X4XL4GNSSVJIG/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {}, "published": "2012-06-30T08:26:22", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-7.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660", "CVE-2012-2694"], "modified": "2012-06-30T08:26:22", "id": "FEDORA:4559220F4C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JA5XSJDFCG643U33KJJV2REECGGDMDAD/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {}, "published": "2012-08-09T23:26:17", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-8.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424"], "modified": "2012-08-09T23:26:17", "id": "FEDORA:8AEB121931", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OJFIPJMJRINRXZQZMLGQRNLOZ7NQBBKA/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "cvss3": {}, "published": "2012-08-22T21:13:38", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-4.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098", "CVE-2012-3464"], "modified": "2012-08-22T21:13:38", "id": "FEDORA:A88B821031", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RPHGIPNYTIR3WIVJO4JZYFW4U5MP3K7Y/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {}, "published": "2012-08-22T20:58:55", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-9.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465"], "modified": "2012-08-22T20:58:55", "id": "FEDORA:68E0120EF2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GRBCFEQUKGIGKY2NI6GOPJ4CBTLJLVSJ/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {}, "published": "2012-03-17T23:51:39", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-6.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2197", "CVE-2011-4319", "CVE-2012-1099"], "modified": "2012-03-17T23:51:39", "id": "FEDORA:CC91B21827", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VSAKN7S7DRRNYGINLTK3ZIK7PK6M7TLW/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {}, "published": "2013-01-23T01:34:00", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-10.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:34:00", "id": "FEDORA:0132C20F1D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V4PP7M5QV2BAWIB6NX4BKBYN7C7OV4OJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {}, "published": "2012-06-15T12:33:31", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-8.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2197", "CVE-2011-4319", "CVE-2012-1099", "CVE-2012-2660"], "modified": "2012-06-15T12:33:31", "id": "FEDORA:B5E2821466", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I2QAPX5OAIZ25J66TQQPQ5HOHZQOUZXM/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "cvss3": {}, "published": "2013-01-23T01:34:00", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-5.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098", "CVE-2012-3464", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:34:00", "id": "FEDORA:30B5421034", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MEWBF4DBRXEBIJYF6I6FG6PEIRRZIJBJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "cvss3": {}, "published": "2013-02-10T04:28:15", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-6.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098", "CVE-2012-3464", "CVE-2013-0156", "CVE-2013-0333"], "modified": "2013-02-10T04:28:15", "id": "FEDORA:7CA97208B8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UIDY62BMIY3VS5EZHWP5OTGR2IROYOMQ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-02T10:56:20", "description": "Check for the Version of rubygem-activesupport", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-3321", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-1098"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:863769", "href": "http://plugins.openvas.org/nasl.php?oid=863769", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-3321\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-activesupport on Fedora 16\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\");\n script_id(863769);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:14:49 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-3321\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-3321\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-08T12:57:44", "description": "Check for the Version of rubygem-activesupport", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-3166", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-1098"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:864435", "href": "http://plugins.openvas.org/nasl.php?oid=864435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-3166\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-activesupport on Fedora 17\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075080.html\");\n script_id(864435);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:38 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-3166\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-3166\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.11~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-06T13:07:22", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3166", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-1098"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:864348", "href": "http://plugins.openvas.org/nasl.php?oid=864348", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3166\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 17\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075079.html\");\n script_id(864348);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:31 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-3166\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3166\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-3321", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863769", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863769", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-3321\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863769\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:14:49 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-3321\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-3321\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-3166", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-3166\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075080.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864435\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:38 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-3166\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-3166\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.11~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3166", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864348", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864348", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3166\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075079.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864348\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:31 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-3166\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3166\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3321", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863810", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863810", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3321\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075676.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863810\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:19:11 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-3321\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3321\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-18T11:06:57", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3321", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-1098"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:863810", "href": "http://plugins.openvas.org/nasl.php?oid=863810", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3321\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075676.html\");\n script_id(863810);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:19:11 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-3321\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3321\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-15T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8883", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864444", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864444", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8883\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082226.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864444\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-15 09:44:08 +0530 (Fri, 15 Jun 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-8883\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8883\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-06T13:06:21", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-06-15T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8883", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-1098"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:864444", "href": "http://plugins.openvas.org/nasl.php?oid=864444", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8883\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082226.html\");\n script_id(864444);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-15 09:44:08 +0530 (Fri, 15 Jun 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-8883\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8883\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:58:21", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-07-03T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-9636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:864521", "href": "http://plugins.openvas.org/nasl.php?oid=864521", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-9636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083135.html\");\n script_id(864521);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-03 10:24:17 +0530 (Tue, 03 Jul 2012)\");\n script_cve_id(\"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\",\n \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-9636\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-9636\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-03T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-9636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864521", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-9636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083135.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864521\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-03 10:24:17 +0530 (Tue, 03 Jul 2012)\");\n script_cve_id(\"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\",\n \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-9636\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-9636\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-24T12:50:55", "description": "The remote host is missing an update to rails\nannounced via advisory DSA 2466-1.", "cvss3": {}, "published": "2012-05-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2466-1 (rails)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71345", "href": "http://plugins.openvas.org/nasl.php?oid=71345", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2466_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2466-1 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sergey Nartimov discovered that in Rails, a Ruby based framework for\nweb development, when developers generate html options tags manually,\nuser input concatenated with manually built tags may not be escaped\nand an attacker can inject arbitrary HTML into the document.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 2.3.14.\n\nWe recommend that you upgrade your rails packages.\";\ntag_summary = \"The remote host is missing an update to rails\nannounced via advisory DSA 2466-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202466-1\";\n\nif(description)\n{\n script_id(71345);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-1099\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:44:05 -0400 (Thu, 31 May 2012)\");\n script_name(\"Debian Security Advisory DSA 2466-1 (rails)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activeresource\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:01", "description": "The remote host is missing an update to rails\nannounced via advisory DSA 2466-1.", "cvss3": {}, "published": "2012-05-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2466-1 (rails)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071345", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071345", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2466_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2466-1 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71345\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-1099\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:44:05 -0400 (Thu, 31 May 2012)\");\n script_name(\"Debian Security Advisory DSA 2466-1 (rails)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202466-1\");\n script_tag(name:\"insight\", value:\"Sergey Nartimov discovered that in Rails, a Ruby based framework for\nweb development, when developers generate html options tags manually,\nuser input concatenated with manually built tags may not be escaped\nand an attacker can inject arbitrary HTML into the document.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 2.3.14.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your rails packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to rails\nannounced via advisory DSA 2466-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activeresource\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11353", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-3424", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11353\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084854.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864619\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:38:12 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-11353\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11353\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~8.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-02T10:56:31", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11353", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-3424", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:864619", "href": "http://plugins.openvas.org/nasl.php?oid=864619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11353\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084854.html\");\n script_id(864619);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:38:12 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-11353\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11353\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~8.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-03T10:57:37", "description": "Check for the Version of rubygem-activesupport", "cvss3": {}, "published": "2012-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-11880", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3464", "CVE-2012-1098"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:864641", "href": "http://plugins.openvas.org/nasl.php?oid=864641", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-11880\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-activesupport on Fedora 16\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085497.html\");\n script_id(864641);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:54:27 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2012-3464\", \"CVE-2012-1098\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-11880\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-11880\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~4.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-11880", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3464", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864641", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-11880\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085497.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864641\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:54:27 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2012-3464\", \"CVE-2012-1098\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-11880\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-11880\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~4.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-11T11:07:39", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11870", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-1099", "CVE-2012-3424", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864635", "href": "http://plugins.openvas.org/nasl.php?oid=864635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11870\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085415.html\");\n script_id(864635);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:53:13 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2012-3463\", \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-11870\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11870\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11870", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-1099", "CVE-2012-3424", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864635", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11870\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085415.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864635\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:53:13 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2012-3463\", \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-11870\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11870\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3355", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2011-2197"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864039", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3355\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864039\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:04:22 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1099\", \"CVE-2011-4319\", \"CVE-2011-2197\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3355\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.5~6.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-02T10:56:21", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3355", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2011-2197"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:864039", "href": "http://plugins.openvas.org/nasl.php?oid=864039", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3355\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 15\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\");\n script_id(864039);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:04:22 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1099\", \"CVE-2011-4319\", \"CVE-2011-2197\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-3355\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3355\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.5~6.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:37:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-1099", "CVE-2012-3424", "CVE-2013-0156", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2013-0155", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865236", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865236", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097246.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865236\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:34 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3463\", \"CVE-2012-3464\",\n \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\",\n \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0686\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-0686\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~10.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:52:00", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-1099", "CVE-2012-3424", "CVE-2013-0156", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2013-0155", "CVE-2012-1098"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865236", "href": "http://plugins.openvas.org/nasl.php?oid=865236", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097246.html\");\n script_id(865236);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:34 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3463\", \"CVE-2012-3464\",\n \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\",\n \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0686\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-0686\");\n\n script_summary(\"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~10.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:56:41", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-06-19T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8912", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2011-2197", "CVE-2012-2660"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:864461", "href": "http://plugins.openvas.org/nasl.php?oid=864461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8912\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 15\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082316.html\");\n script_id(864461);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:37:33 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-1099\", \"CVE-2011-4319\", \"CVE-2011-2197\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-8912\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8912\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.5~8.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-19T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8912", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2011-2197", "CVE-2012-2660"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8912\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082316.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864461\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:37:33 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-1099\", \"CVE-2011-4319\", \"CVE-2011-2197\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-8912\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8912\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.5~8.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-3464", "CVE-2013-0155", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865237", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865237", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097244.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865237\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:26:00 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3464\", \"CVE-2012-1098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0686\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-0686\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~5.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-02-11T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-1745", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-3464", "CVE-2012-1098", "CVE-2013-0333"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865338", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-1745\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098501.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865338\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:14:09 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0333\", \"CVE-2013-0156\", \"CVE-2012-3464\", \"CVE-2012-1098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-1745\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-1745\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-22T13:10:25", "description": "Check for the Version of rubygem-activesupport", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-3464", "CVE-2013-0155", "CVE-2012-1098"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:865237", "href": "http://plugins.openvas.org/nasl.php?oid=865237", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activesupport on Fedora 16\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097244.html\");\n script_id(865237);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:26:00 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3464\", \"CVE-2012-1098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0686\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-0686\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~5.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-06T13:10:30", "description": "Check for the Version of rubygem-activesupport", "cvss3": {}, "published": "2013-02-11T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-1745", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-3464", "CVE-2012-1098", "CVE-2013-0333"], "modified": "2018-02-05T00:00:00", "id": "OPENVAS:865338", "href": "http://plugins.openvas.org/nasl.php?oid=865338", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-1745\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activesupport on Fedora 16\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098501.html\");\n script_id(865338);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:14:09 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0333\", \"CVE-2013-0156\", \"CVE-2012-3464\", \"CVE-2012-1098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-1745\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-1745\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T12:58:35", "description": "Fixes CVE-2012-1098 and CVE-2012-1099 for Fedora 16.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-19T00:00:00", "type": "nessus", "title": "Fedora 16 : rubygem-actionpack-3.0.10-3.fc16 / rubygem-activesupport-3.0.10-2.fc16 (2012-3321)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1098", "CVE-2012-1099"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-3321.NASL", "href": "https://www.tenable.com/plugins/nessus/58369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3321.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58369);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3321\");\n\n script_name(english:\"Fedora 16 : rubygem-actionpack-3.0.10-3.fc16 / rubygem-activesupport-3.0.10-2.fc16 (2012-3321)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1098 and CVE-2012-1099 for Fedora 16.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06cdfc66\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075676.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ef2cd14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack and / or rubygem-activesupport\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-actionpack-3.0.10-3.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-activesupport-3.0.10-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activesupport\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:58:54", "description": "Fixes CVE-2012-1098 and CVE-2012-1099 for Fedora 17.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-12T00:00:00", "type": "nessus", "title": "Fedora 17 : rubygem-actionpack-3.0.11-2.fc17 / rubygem-activesupport-3.0.11-3.fc17 (2012-3166)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1098", "CVE-2012-1099"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-3166.NASL", "href": "https://www.tenable.com/plugins/nessus/58311", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3166.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58311);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3166\");\n\n script_name(english:\"Fedora 17 : rubygem-actionpack-3.0.11-2.fc17 / rubygem-activesupport-3.0.11-3.fc17 (2012-3166)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1098 and CVE-2012-1099 for Fedora 17.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075079.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ba41141\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075080.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82076733\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack and / or rubygem-activesupport\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-actionpack-3.0.11-2.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-activesupport-3.0.11-3.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activesupport\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:58:37", "description": "Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-19T00:00:00", "type": "nessus", "title": "Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-3355.NASL", "href": "https://www.tenable.com/plugins/nessus/58371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3355.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58371);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa31baaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:58:31", "description": "Sergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate html options tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-10T00:00:00", "type": "nessus", "title": "Debian DSA-2466-1 : rails - XSS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2466.NASL", "href": "https://www.tenable.com/plugins/nessus/59060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2466. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59060);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"DSA\", value:\"2466\");\n\n script_name(english:\"Debian DSA-2466-1 : rails - XSS\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sergey Nartimov discovered that in Rails, a Ruby based framework for\nweb development, when developers generate html options tags manually,\nuser input concatenated with manually built tags may not be escaped\nand an attacker can inject arbitrary HTML into the document.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2466\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rails packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-doc\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:55:42", "description": "Cross-site scripting (XSS) vulnerability in\nactionpack/lib/action_view/helpers/form_options_helper.rb in the select\nhelper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x\nbefore 3.2.2 allows remote attackers to inject arbitrary web script or HTML\nvia vectors involving certain generation of OPTION elements within SELECT\nelements.\n\n#### Bugs\n\n * <https://bugs.gentoo.org/show_bug.cgi?id=406547>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=799276>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | in Oneiric+, rails package is just for transition\n", "cvss3": {}, "published": "2012-03-13T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1099", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1099"], "modified": "2012-03-13T00:00:00", "id": "UB:CVE-2012-1099", "href": "https://ubuntu.com/security/CVE-2012-1099", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:55:45", "description": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before\n3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers\nto inject arbitrary web script or HTML via vectors involving a SafeBuffer\nobject that is manipulated through certain methods.\n\n#### Bugs\n\n * <https://bugs.gentoo.org/show_bug.cgi?id=406547>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=799275>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | in Oneiric+, rails package is just for transition\n", "cvss3": {}, "published": "2012-03-13T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1098", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098"], "modified": "2012-03-13T00:00:00", "id": "UB:CVE-2012-1098", "href": "https://ubuntu.com/security/CVE-2012-1098", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2466-1 security@debian.org\r\nhttp://www.debian.org/security/ Thijs Kinkhorst\r\nMay 09, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : rails\r\nVulnerability : cross site scripting\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-1099\r\nDebian Bug : 668607\r\n\r\nSergey Nartimov discovered that in Rails, a Ruby based framework for\r\nweb development, when developers generate html options tags manually,\r\nuser input concatenated with manually built tags may not be escaped\r\nand an attacker can inject arbitrary HTML into the document.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 2.3.5-1.2+squeeze3.\r\n\r\nFor the testing distribution (wheezy) and unstable distribution (sid),\r\nthis problem has been fixed in version 2.3.14.\r\n\r\nWe recommend that you upgrade your rails packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJPqqmUAAoJEOxfUAG2iX576TAIANWp4utpgGLj6hVuNsrmuYOo\r\nfIxOW0nJDhoDfAUglXZvjkTFP/4z241H9L9MeG0MuSQL0mIbZ3yp8tg8MONWtfUJ\r\nl9TPPucCMukRBNZXAGcL3Q3VQcQDTRVZygDdEE6h7ZCQnXyYYFGaE9XyKpE4iMwQ\r\nZBxIs3rITS1nqUSGRJqQOXXTA/UsEAAmeTtrwXz0CJuxlml/poFAhiGwVE/WmzyR\r\n06bxelDxSklEpPB9TBCsDNOwIBkNEb5rL+0WkM4C4VZ7A1oKdxougNZhs+QNWxXI\r\nNup7Wm0XpykwvR6b7n5iWjnO8ACL2eS9p/sivKqIRwcmMzwyFBzJMHKrGE7IFOQ=\r\n=0qiE\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2012-05-14T00:00:00", "title": "[SECURITY] [DSA 2466-1] rails security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1099"], "modified": "2012-05-14T00:00:00", "id": "SECURITYVULNS:DOC:28074", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28074", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:51:15", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2012-05-14T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-2094", "CVE-2012-2144"], "modified": "2012-05-14T00:00:00", "id": "SECURITYVULNS:VULN:12377", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12377", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "github": [{"lastseen": "2022-05-13T12:33:38", "description": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.", "cvss3": {}, "published": "2017-10-24T18:33:38", "type": "github", "title": "Moderate severity vulnerability that affects actionpack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1099"], "modified": "2021-08-31T20:19:51", "id": "GHSA-2XJJ-5X6H-8VMF", "href": "https://github.com/advisories/GHSA-2xjj-5x6h-8vmf", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-13T12:33:38", "description": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.", "cvss3": {}, "published": "2017-10-24T18:33:38", "type": "github", "title": "Moderate severity vulnerability that affects activesupport", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098"], "modified": "2021-09-16T21:07:57", "id": "GHSA-QV8P-V9QW-WC7G", "href": "https://github.com/advisories/GHSA-qv8p-v9qw-wc7g", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2021-10-21T23:56:53", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2466-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMay 09, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nVulnerability : cross site scripting\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-1099\nDebian Bug : 668607\n\nSergey Nartimov discovered that in Rails, a Ruby based framework for\nweb development, when developers generate html options tags manually,\nuser input concatenated with manually built tags may not be escaped\nand an attacker can inject arbitrary HTML into the document.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 2.3.14.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-05-09T17:30:46", "type": "debian", "title": "[SECURITY] [DSA 2466-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1099"], "modified": "2012-05-09T17:30:46", "id": "DEBIAN:DSA-2466-1:8AFE9", "href": "https://lists.debian.org/debian-security-announce/2012/msg00101.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-06-10T05:03:22", "description": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.", "cvss3": {}, "published": "2017-10-24T18:33:38", "type": "osv", "title": "Moderate severity vulnerability that affects actionpack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1099"], "modified": "2022-06-10T02:12:02", "id": "OSV:GHSA-2XJJ-5X6H-8VMF", "href": "https://osv.dev/vulnerability/GHSA-2xjj-5x6h-8vmf", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-07T03:49:09", "description": "\nSergey Nartimov discovered that in Rails, a Ruby based framework for\nweb development, when developers generate html options tags manually,\nuser input concatenated with manually built tags may not be escaped\nand an attacker can inject arbitrary HTML into the document.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.\n\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 2.3.14.\n\n\nWe recommend that you upgrade your rails packages.\n\n\n", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "osv", "title": "rails - cross site scripting", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1099"], "modified": "2022-07-07T01:42:56", "id": "OSV:DSA-2466-1", "href": "https://osv.dev/vulnerability/DSA-2466-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-10T04:57:09", "description": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.", "cvss3": {}, "published": "2017-10-24T18:33:38", "type": "osv", "title": "Moderate severity vulnerability that affects activesupport", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098"], "modified": "2022-06-10T02:17:31", "id": "OSV:GHSA-QV8P-V9QW-WC7G", "href": "https://osv.dev/vulnerability/GHSA-qv8p-v9qw-wc7g", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "gitlab": [{"lastseen": "2022-06-09T23:06:00", "description": "Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. ", "cvss3": {}, "published": "2012-03-13T00:00:00", "type": "gitlab", "title": "XSS via posted select tag options", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1099"], "modified": "2012-03-13T00:00:00", "id": "GITLAB-0B6CF026F67000BC98D5CEFA146C7484", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factionpack%2FCVE-2012-1099.yml/raw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-09T23:07:39", "description": "Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of `SafeBuffer` objects via `'[]'` and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. ", "cvss3": {}, "published": "2012-03-13T00:00:00", "type": "gitlab", "title": "Direct Manipulation XSS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098"], "modified": "2012-03-13T00:00:00", "id": "GITLAB-BC301182615948A7A8B0D81153EEBA2A", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factivesupport%2FCVE-2012-1098.yml/raw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:58", "description": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.", "cvss3": {}, "published": "2012-03-13T10:55:00", "type": "debiancve", "title": "CVE-2012-1099", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1099"], "modified": "2012-03-13T10:55:00", "id": "DEBIANCVE:CVE-2012-1099", "href": "https://security-tracker.debian.org/tracker/CVE-2012-1099", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-04T06:01:58", "description": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.", "cvss3": {}, "published": "2012-03-13T10:55:00", "type": "debiancve", "title": "CVE-2012-1098", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098"], "modified": "2012-03-13T10:55:00", "id": "DEBIANCVE:CVE-2012-1098", "href": "https://security-tracker.debian.org/tracker/CVE-2012-1098", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T11:55:12", "description": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.", "cvss3": {}, "published": "2012-03-13T10:55:00", "type": "cve", "title": "CVE-2012-1099", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1099"], "modified": "2019-08-08T15:42:00", "cpe": ["cpe:/a:rubyonrails:rails:3.1.0", "cpe:/a:rubyonrails:rails:3.2.2", "cpe:/a:rubyonrails:rails:3.1.4", "cpe:/a:rubyonrails:rails:3.1.1", "cpe:/a:rubyonrails:rails:3.0.10", "cpe:/a:rubyonrails:rails:3.0.7", "cpe:/a:rubyonrails:rails:3.0.3", "cpe:/a:rubyonrails:rails:3.0.5", "cpe:/a:rubyonrails:ruby_on_rails:3.0.4", "cpe:/a:rubyonrails:rails:3.1.2", "cpe:/a:rubyonrails:rails:3.1.3", "cpe:/a:rubyonrails:rails:3.0.4", "cpe:/a:rubyonrails:rails:3.0.8", "cpe:/a:rubyonrails:rails:3.0.2", "cpe:/a:rubyonrails:rails:3.2.0", "cpe:/a:rubyonrails:rails:3.0.12", "cpe:/a:rubyonrails:rails:3.0.11", "cpe:/a:rubyonrails:rails:3.0.6", "cpe:/a:rubyonrails:rails:3.0.9", "cpe:/a:rubyonrails:rails:3.0.0", "cpe:/a:rubyonrails:rails:3.2.1", "cpe:/a:rubyonrails:rails:3.0.1"], "id": "CVE-2012-1099", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1099", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:55:13", "description": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.", "cvss3": {}, "published": "2012-03-13T10:55:00", "type": "cve", "title": "CVE-2012-1098", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098"], "modified": "2019-08-08T15:42:00", "cpe": ["cpe:/a:rubyonrails:rails:3.1.0", "cpe:/a:rubyonrails:rails:3.2.2", "cpe:/a:rubyonrails:rails:3.1.4", "cpe:/a:rubyonrails:rails:3.1.1", "cpe:/a:rubyonrails:rails:3.0.10", "cpe:/a:rubyonrails:rails:3.0.7", "cpe:/a:rubyonrails:rails:3.0.3", "cpe:/a:rubyonrails:rails:3.0.5", "cpe:/a:rubyonrails:ruby_on_rails:3.0.4", "cpe:/a:rubyonrails:rails:3.1.2", "cpe:/a:rubyonrails:rails:3.1.3", "cpe:/a:rubyonrails:rails:3.0.4", "cpe:/a:rubyonrails:rails:3.0.8", "cpe:/a:rubyonrails:rails:3.0.2", "cpe:/a:rubyonrails:rails:3.2.0", "cpe:/a:rubyonrails:rails:3.0.11", "cpe:/a:rubyonrails:rails:3.0.12", "cpe:/a:rubyonrails:rails:3.0.6", "cpe:/a:rubyonrails:rails:3.0.9", "cpe:/a:rubyonrails:rails:3.0.0", "cpe:/a:rubyonrails:rails:3.2.1", "cpe:/a:rubyonrails:rails:3.0.1"], "id": "CVE-2012-1098", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1098", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*"]}], "rubygems": [{"lastseen": "2022-03-17T15:51:30", "description": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.", "cvss3": {}, "published": "2012-03-01T00:00:00", "type": "rubygems", "title": "CVE-2012-1099 rubygem-actionpack: XSS in the 'select' helper", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2012-1099", "CVE-2012-1099"], "modified": "2012-03-01T00:00:00", "id": "RUBY:ACTIONPACK-2012-1099-79727", "href": "https://rubysec.com/advisories/2012-1099/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-17T15:51:30", "description": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.", "cvss3": {}, "published": "2012-03-01T00:00:00", "type": "rubygems", "title": "CVE-2012-1098 rubygem-activesupport: XSS in SafeBuffer#[] (unescaped safe buffers can be marked as safe)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2012-1098", "CVE-2012-1098"], "modified": "2012-03-01T00:00:00", "id": "RUBY:ACTIVESUPPORT-2012-1098-79726", "href": "https://rubysec.com/advisories/2012-1098/", "cvss": {"score": 0.0, "vector": "NONE"}}]}
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-3.fc17
