Ruby Security team reports:
There is a vulnerability when Active Record is used in conjunction with JSON
parameter parsing. This vulnerability has been assigned the CVE identifier
CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694
and CVE-2013-0155.
{"ubuntucve": [{"lastseen": "2022-08-04T14:09:13", "description": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly\nconsider differences in parameter handling between the Active Record\ncomponent and the JSON implementation, which allows remote attackers to\nbypass intended database-query restrictions and perform NULL checks or\ntrigger missing WHERE clauses via a crafted request, as demonstrated by\ncertain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694,\nand CVE-2013-0155.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward \n[ebarretto](<https://launchpad.net/~ebarretto>) | Only Active Record >= 4.2.0 are affected\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-09-07T00:00:00", "type": "ubuntucve", "title": "CVE-2016-6317", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155", "CVE-2016-6317"], "modified": 
"2016-09-07T00:00:00", "id": "UB:CVE-2016-6317", "href": "https://ubuntu.com/security/CVE-2016-6317", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:26:55", "description": "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before\n3.2.11 does not properly consider differences in parameter handling between\nthe Active Record component and the JSON implementation, which allows\nremote attackers to bypass intended database-query restrictions and perform\nNULL checks or trigger missing WHERE clauses via a crafted request, as\ndemonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660\nand CVE-2012-2694.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697744>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697802>\n * <https://bugs.launchpad.net/bugs/1100188>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | in Oneiric+, rails package is just for transition \n[jdstrand](<https://launchpad.net/~jdstrand>) | vulnerabilities are in ruby-actionpack* and ruby-activerecord* in Ubuntu 11.10 and higher per Debian, ruby-actionpack-2.3 not-affected (only ruby-activerecord-2.3)\n", "cvss3": {}, "published": "2013-01-13T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0155", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2013-01-13T00:00:00", "id": "UB:CVE-2013-0155", "href": 
"https://ubuntu.com/security/CVE-2013-0155", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-08-04T14:29:48", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before\n3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly\nconsider differences in parameter handling between the Active Record\ncomponent and the Rack interface, which allows remote attackers to bypass\nintended database-query restrictions and perform NULL checks via a crafted\nrequest, as demonstrated by certain \"['xyz', nil]\" values, a related issue\nto CVE-2012-2660.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675429>\n", "cvss3": {}, "published": "2012-06-22T00:00:00", "type": "ubuntucve", "title": "CVE-2012-2694", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2012-06-22T00:00:00", "id": "UB:CVE-2012-2694", "href": "https://ubuntu.com/security/CVE-2012-2694", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:29:49", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before\n3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly\nconsider differences in parameter handling between the Active Record\ncomponent and the Rack interface, which allows remote attackers to bypass\nintended database-query restrictions and perform NULL checks via a crafted\nrequest, as demonstrated by certain \"[nil]\" values, a 
related issue to\nCVE-2012-2694.\nThere is a vulnerability when Active Record is used in conjunction with\nparameter parsing from Rack via Action Pack.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | From the advisory, it sounds like 2.3 is affected.\n", "cvss3": {}, "published": "2012-06-22T00:00:00", "type": "ubuntucve", "title": "CVE-2012-2660", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2012-06-22T00:00:00", "id": "UB:CVE-2012-2660", "href": "https://ubuntu.com/security/CVE-2012-2660", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-08-04T14:23:14", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before\n3.2.16 and 4.x before 4.0.2 does not properly consider differences in\nparameter handling between the Active Record component and the JSON\nimplementation, which allows remote attackers to bypass intended\ndatabase-query restrictions and perform NULL checks or trigger missing\nWHERE clauses via a crafted request that leverages (1) third-party Rack\nmiddleware or (2) custom Rack middleware. 
NOTE: this vulnerability exists\nbecause of an incomplete fix for CVE-2013-0155.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | in Oneiric+, rails package is just for transition\n", "cvss3": {}, "published": "2013-12-07T00:00:00", "type": "ubuntucve", "title": "CVE-2013-6417", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-6417"], "modified": "2013-12-07T00:00:00", "id": "UB:CVE-2013-6417", "href": "https://ubuntu.com/security/CVE-2013-6417", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "hackerone": [{"lastseen": "2023-02-03T01:51:28", "bounty": 1500.0, "description": "# Unsafe Query Generation Risk in Active Record \n\nThere is a vulnerability when Active Record is used in conjunction with JSON \nparameter parsing. This vulnerability has been assigned the CVE identifier \nCVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 \nand CVE-2013-0155. \n\nVersions Affected: >= 4.2.0 \nNot affected: < 4.2.0, >= 5.0.0 \nFixed Versions: 4.2.7.1 \n\nImpact \n------ \n\nDue to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with \"IS NULL\" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it. 
\n\nFor example, a system has password reset with token functionality: \n\n unless params[:token].nil? \n user = User.find_by_token(params[:token]) \n user.reset_password! \n end \n\nAn attacker can craft a request such that `params[:token]` will return `[nil]`. The `[nil]` value will bypass the test for nil, but will still add an \"IN ('xyz', NULL)\" clause to the SQL query. \n\nSimilarly, an attacker can craft a request such that `params[:token]` will return an empty hash. An empty hash will eliminate the WHERE clause of the query, but can bypass the `nil?` check. \n\nNote that this impacts not only dynamic finders (`find_by_*`) but also relations (`User.where(:name => params[:name])`). \n\nAll users running an affected release should either upgrade or use one of the workarounds immediately. All users running an affected release should upgrade immediately. Please note, this vulnerability is a variant of CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155. Even if you upgraded to address those issues, you must take action again. \n\nIf this change in behavior impacts your application, you can manually decode the original values from the request like so: \n\n ActiveSupport::JSON.decode(request.body) \n\nReleases \n-------- \nThe FIXED releases are available at the normal locations. \n\nWorkarounds \n----------- \nThis problem can be mitigated by casting the parameter to a string before passing it to Active Record. For example: \n\n unless params[:token].nil? || params[:token].to_s.empty? \n user = User.find_by_token(params[:token].to_s) \n user.reset_password! \n end \n\n\nPatches \n------- \nTo aid users who aren't able to upgrade immediately we have provided patches for \nthe two supported release series. They are in git-am format and consist of a \nsingle changeset. \n\n* 4-2-unsafe-query-generation.patch - Patch for 4.2 series \n\nPlease note that only the 5.0.x and 4.2.x series are supported at present. 
Users \nof earlier unsupported releases are advised to upgrade as soon as possible as we \ncannot guarantee the continued availability of security fixes for unsupported \nreleases. \n\nCredits \n------- \n\nThanks to joernchen of Phenoelit for reporting this!", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-05-17T13:38:03", "type": "hackerone", "title": "Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155", "CVE-2016-6317"], "modified": "2018-02-07T21:02:19", "id": "H1:139321", "href": "https://hackerone.com/reports/139321", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2022-04-12T16:05:50", "description": "Ruby Security team reports :\n\nThere is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. 
This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.", "cvss3": {}, "published": "2016-10-17T00:00:00", "type": "nessus", "title": "FreeBSD : Rails 4 -- Unsafe Query Generation Risk in Active Record (7e61cf44-6549-11e6-8286-00248c0c745d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155", "CVE-2016-6317"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-activerecord4", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7E61CF44654911E6828600248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/94082", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94082);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6317\");\n\n script_name(english:\"FreeBSD : Rails 4 -- Unsafe Query Generation Risk in Active Record (7e61cf44-6549-11e6-8286-00248c0c745d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby Security team reports :\n\nThere is a vulnerability when Active Record is used in conjunction\nwith JSON parameter parsing. This vulnerability has been assigned the\nCVE identifier CVE-2016-6317. 
This vulnerability is similar to\nCVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\"\n );\n # https://vuxml.freebsd.org/freebsd/7e61cf44-6549-11e6-8286-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e0e8b71\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activerecord4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activerecord4>4.2.0<4.2.7.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-06T14:19:18", "description": "Fix for CVE-2012-2694.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-07-01T00:00:00", "type": "nessus", "title": "Fedora 16 : rubygem-actionpack-3.0.10-7.fc16 (2012-9636)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-9636.NASL", "href": "https://www.tenable.com/plugins/nessus/59805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9636.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59805);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2694\");\n script_bugtraq_id(53754, 53976);\n script_xref(name:\"FEDORA\", value:\"2012-9636\");\n\n script_name(english:\"Fedora 16 : rubygem-actionpack-3.0.10-7.fc16 (2012-9636)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2012-2694.\n\nNote that Tenable Network 
Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=831581\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/083135.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a742887\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-actionpack-3.0.10-7.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-07T14:14:43", "description": "Fix for CVE-2012-2694.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-07-01T00:00:00", "type": "nessus", "title": "Fedora 17 : rubygem-actionpack-3.0.11-5.fc17 (2012-9606)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-9606.NASL", "href": "https://www.tenable.com/plugins/nessus/59802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9606.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59802);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2694\");\n script_bugtraq_id(53754, 53976);\n script_xref(name:\"FEDORA\", value:\"2012-9606\");\n\n script_name(english:\"Fedora 17 : rubygem-actionpack-3.0.11-5.fc17 (2012-9606)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2012-2694.\n\nNote that Tenable Network 
Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=831581\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/083133.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?efddccd5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-actionpack-3.0.11-5.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-07T14:20:45", "description": "3 Security issues were fixed in rails 2.3 core components.\n\n2 NULL query issues where fixed in the actionpack gem. 
1 SQL injection was fixed in the activerecord gem.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack/activerecord-2_3 (openSUSE-SU-2012:0978-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2012-2695"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3", "p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3-testsuite", "p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3", "p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3-testsuite", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-508.NASL", "href": "https://www.tenable.com/plugins/nessus/74710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-508.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74710);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2694\", \"CVE-2012-2695\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack/activerecord-2_3 (openSUSE-SU-2012:0978-1)\");\n script_summary(english:\"Check for the openSUSE-2012-508 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"3 Security issues were fixed in rails 2.3 core components.\n\n2 NULL query issues where fixed in the actionpack gem. 1 SQL injection\nwas fixed in the activerecord gem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=765097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=766792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack/activerecord-2_3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rubygem-actionpack-2_3-2.3.14-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rubygem-actionpack-2_3-testsuite-2.3.14-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rubygem-activerecord-2_3-2.3.14-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"rubygem-activerecord-2_3-testsuite-2.3.14-3.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack/activerecord-2_3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-01-17T14:23:26", "description": "- Fix for CVE-2016-6317 (rhbz#1366479)\n\n - Fix argument error for instance_exec for Ruby 2.3 compatibility (Only rubygem-activerecord f24)\n\n - Improve tests not to accept the failures (Only rubygem-activerecord)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-08-30T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-b4919ffe56)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6317"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-B4919FFE56.NASL", "href": "https://www.tenable.com/plugins/nessus/93207", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-b4919ffe56.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93207);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6317\");\n script_xref(name:\"FEDORA\", value:\"2016-b4919ffe56\");\n\n script_name(english:\"Fedora 24 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-b4919ffe56)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix for CVE-2016-6317 (rhbz#1366479)\n\n - Fix argument error for instance_exec for Ruby 2.3\n compatibility (Only rubygem-activerecord f24)\n\n - Improve tests not to accept the failures (Only\n rubygem-activerecord)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4919ffe56\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 1:rubygem-actionpack and / or\n1:rubygem-activerecord packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"rubygem-actionpack-4.2.5.2-3.fc24\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC24\", reference:\"rubygem-activerecord-4.2.5.2-2.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionpack / 1:rubygem-activerecord\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:40:34", "description": "- Fix for CVE-2016-6317 (rhbz#1366479)\n\n - Fix argument error for instance_exec for Ruby 2.3 compatibility (Only rubygem-activerecord f24)\n\n - Improve tests not to accept the failures (Only rubygem-activerecord)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "nessus", "title": "Fedora 23 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-f58d7ecc8a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-F58D7ECC8A.NASL", "href": 
"https://www.tenable.com/plugins/nessus/93209", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-f58d7ecc8a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93209);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6317\");\n script_xref(name:\"FEDORA\", value:\"2016-f58d7ecc8a\");\n\n script_name(english:\"Fedora 23 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-f58d7ecc8a)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix for CVE-2016-6317 (rhbz#1366479)\n\n - Fix argument error for instance_exec for Ruby 2.3\n compatibility (Only rubygem-activerecord f24)\n\n - Improve tests not to accept the failures (Only\n rubygem-activerecord)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-f58d7ecc8a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 1:rubygem-actionpack and / or\n1:rubygem-activerecord packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-actionpack-4.2.3-6.fc23\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-activerecord-4.2.3-3.fc23\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionpack / 1:rubygem-activerecord\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-07T14:18:59", "description": "Multiple version upgrades for rails components.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / rubygem-activemodel-3_2 / etc (openSUSE-SU-2012:1066-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424"], "modified": "2021-01-19T00:00:00", "cpe": 
["p-cpe:/a:novell:opensuse:rubygem-actionmailer-3_2", "p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2", "p-cpe:/a:novell:opensuse:rubygem-activemodel-3_2", "p-cpe:/a:novell:opensuse:rubygem-activerecord-3_2", "p-cpe:/a:novell:opensuse:rubygem-activeresource-3_2", "p-cpe:/a:novell:opensuse:rubygem-activesupport-3_2", "p-cpe:/a:novell:opensuse:rubygem-journey-1_0", "p-cpe:/a:novell:opensuse:rubygem-journey-1_0-testsuite", "p-cpe:/a:novell:opensuse:rubygem-rails-3_2", "p-cpe:/a:novell:opensuse:rubygem-railties-3_2", "p-cpe:/a:novell:opensuse:rubygem-sprockets-2_1", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2012-536.NASL", "href": "https://www.tenable.com/plugins/nessus/74727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-536.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74727);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2661\", \"CVE-2012-2694\", \"CVE-2012-2695\", \"CVE-2012-3424\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / rubygem-activemodel-3_2 / etc (openSUSE-SU-2012:1066-1)\");\n script_summary(english:\"Check for the openSUSE-2012-536 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Multiple version upgrades for rails components.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 
rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / rubygem-activemodel-3_2 / etc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionmailer-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activemodel-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activerecord-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activeresource-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activesupport-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-journey-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-journey-1_0-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-rails-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-railties-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-sprockets-2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-actionmailer-3_2-3.2.7-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-actionpack-3_2-3.2.7-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-activemodel-3_2-3.2.7-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-activerecord-3_2-3.2.7-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-activeresource-3_2-3.2.7-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-activesupport-3_2-3.2.7-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-journey-1_0-1.0.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-journey-1_0-testsuite-1.0.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-rails-3_2-3.2.7-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-railties-3_2-3.2.7-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"rubygem-sprockets-2_1-2.1.3-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-06T14:18:44", "description": "Fix for CVE-2012-2660.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-06-18T00:00:00", "type": "nessus", "title": "Fedora 15 : rubygem-actionpack-3.0.5-8.fc15 (2012-8912)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-8912.NASL", "href": "https://www.tenable.com/plugins/nessus/59537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8912.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59537);\n 
script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2660\");\n script_bugtraq_id(53754);\n script_xref(name:\"FEDORA\", value:\"2012-8912\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-8.fc15 (2012-8912)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2012-2660.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=827353\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082316.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0040fe73\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2012/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-8.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-06T14:18:45", "description": "Fix for CVE-2012-2660.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-06-15T00:00:00", "type": "nessus", "title": "Fedora 17 : rubygem-actionpack-3.0.11-4.fc17 (2012-8868)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-8868.NASL", "href": "https://www.tenable.com/plugins/nessus/59514", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8868.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59514);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2660\");\n script_xref(name:\"FEDORA\", value:\"2012-8868\");\n\n script_name(english:\"Fedora 17 : rubygem-actionpack-3.0.11-4.fc17 (2012-8868)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2012-2660.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the 
Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=827353\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082217.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1d19f20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-actionpack-3.0.11-4.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-06T14:18:56", "description": "Fix for CVE-2012-2660.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-06-15T00:00:00", "type": "nessus", "title": "Fedora 16 : rubygem-actionpack-3.0.10-6.fc16 (2012-8883)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-8883.NASL", "href": "https://www.tenable.com/plugins/nessus/59515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8883.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59515);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2660\");\n script_xref(name:\"FEDORA\", value:\"2012-8883\");\n\n script_name(english:\"Fedora 16 : rubygem-actionpack-3.0.10-6.fc16 (2012-8883)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2012-2660.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the 
Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=827353\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082226.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e69a6288\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-actionpack-3.0.10-6.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:41:20", "description": "An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. 
This may allow attackers to elevate their privileges.", "cvss3": {}, "published": "2013-01-17T00:00:00", "type": "nessus", "title": "Debian DSA-2609-1 : rails - SQL query manipulation", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2609.NASL", "href": "https://www.tenable.com/plugins/nessus/63582", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2609. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63582);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0155\");\n script_bugtraq_id(57192);\n script_xref(name:\"DSA\", value:\"2609\");\n\n script_name(english:\"Debian DSA-2609-1 : rails - SQL query manipulation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An interpretation conflict can cause the Active Record component of\nRails, a web framework for the Ruby programming language, to truncate\nqueries in unexpected ways. This may allow attackers to elevate their\nprivileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2609\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rails packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby1.8\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby1.8\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.8\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby1.8\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby\", 
reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.8\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-doc\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-ruby1.8\", reference:\"2.3.5-1.2+squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-23T14:46:19", "description": "Updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Subscription Asset Manager.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRuby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Active Record implements object-relational mapping for accessing database entries using objects. Active Support provides support and utility classes used by the Ruby on Rails framework.\n\nMultiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created HTTP request. 
(CVE-2013-0156)\n\nRed Hat is aware that a public exploit for the CVE-2013-0156 issues is available that allows remote code execution in applications using Ruby on Rails.\n\nMultiple input validation vulnerabilities were discovered in rubygem-activerecord. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2012-6496, CVE-2013-0155)\n\nMultiple input validation vulnerabilities were discovered in rubygem-actionpack. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-actionpack and rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694)\n\nMultiple cross-site scripting (XSS) flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.\n(CVE-2012-3463, CVE-2012-3464, CVE-2012-3465)\n\nA flaw was found in the HTTP digest authentication implementation in rubygem-actionpack. A remote attacker could use this flaw to cause a denial of service of an application using rubygem-actionpack and digest authentication. (CVE-2012-3424)\n\nUsers are advised to upgrade to these updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages, which resolve these issues. 
Katello must be restarted ('service katello restart') for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 6 : Ruby on Rails in Subscription Asset Manager (RHSA-2013:0154)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2012-6496", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack", "p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord", "p-cpe:/a:redhat:enterprise_linux:rubygem-activesupport", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0154.NASL", "href": "https://www.tenable.com/plugins/nessus/64076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0154. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64076);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2661\", \"CVE-2012-2694\", \"CVE-2012-2695\", \"CVE-2012-3424\", \"CVE-2012-3463\", \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-6496\", \"CVE-2013-0155\", \"CVE-2013-0156\");\n script_xref(name:\"RHSA\", value:\"2013:0154\");\n\n script_name(english:\"RHEL 6 : Ruby on Rails in Subscription Asset Manager (RHSA-2013:0154)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rubygem-actionpack, rubygem-activesupport, and\nrubygem-activerecord packages that fix multiple security issues are\nnow available for Red Hat Subscription Asset Manager.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRuby on Rails is a model-view-controller (MVC) framework for web\napplication development. Action Pack implements the controller and the\nview components. Active Record implements object-relational mapping\nfor accessing database entries using objects. Active Support provides\nsupport and utility classes used by the Ruby on Rails framework.\n\nMultiple flaws were found in the way Ruby on Rails performed XML\nparameter parsing in HTTP requests. 
A remote attacker could use these\nflaws to execute arbitrary code with the privileges of a Ruby on Rails\napplication, perform SQL injection attacks, or bypass the\nauthentication using a specially-created HTTP request. (CVE-2013-0156)\n\nRed Hat is aware that a public exploit for the CVE-2013-0156 issues is\navailable that allows remote code execution in applications using Ruby\non Rails.\n\nMultiple input validation vulnerabilities were discovered in\nrubygem-activerecord. A remote attacker could possibly use these flaws\nto perform a SQL injection attack against an application using\nrubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2012-6496,\nCVE-2013-0155)\n\nMultiple input validation vulnerabilities were discovered in\nrubygem-actionpack. A remote attacker could possibly use these flaws\nto perform a SQL injection attack against an application using\nrubygem-actionpack and rubygem-activerecord. (CVE-2012-2660,\nCVE-2012-2694)\n\nMultiple cross-site scripting (XSS) flaws were found in\nrubygem-actionpack. A remote attacker could use these flaws to conduct\nXSS attacks against users of an application using rubygem-actionpack.\n(CVE-2012-3463, CVE-2012-3464, CVE-2012-3465)\n\nA flaw was found in the HTTP digest authentication implementation in\nrubygem-actionpack. A remote attacker could use this flaw to cause a\ndenial of service of an application using rubygem-actionpack and\ndigest authentication. (CVE-2012-3424)\n\nUsers are advised to upgrade to these updated rubygem-actionpack,\nrubygem-activesupport, and rubygem-activerecord packages, which\nresolve these issues. 
Katello must be restarted ('service katello\nrestart') for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0156\"\n );\n # https://access.redhat.com/knowledge/solutions/290903\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/290903\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack, rubygem-activerecord and / or\nrubygem-activesupport packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails XML Processor YAML Deserialization Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0154\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL6\", rpm:\"candlepin-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Subscription Asset Manager\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-actionpack-3.0.10-11.el6cf\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-activerecord-3.0.10-8.el6cf\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-activesupport-3.0.10-5.el6cf\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activerecord / rubygem-activesupport\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:24", "description": "Update to Rails 5.0.0.1.\n\nEnable whole test suite in Railties.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2016-5760339e76)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer", "p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport", "p-cpe:/a:fedoraproject:fedora:1:rubygem-rails", "p-cpe:/a:fedoraproject:fedora:rubygem-actioncable", "p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "p-cpe:/a:fedoraproject:fedora:rubygem-activejob", "p-cpe:/a:fedoraproject:fedora:rubygem-activemodel", 
"p-cpe:/a:fedoraproject:fedora:rubygem-railties", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-5760339E76.NASL", "href": "https://www.tenable.com/plugins/nessus/94808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-5760339e76.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94808);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n\n script_name(english:\"Fedora 25 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2016-5760339e76)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Rails 5.0.0.1.\n\nEnable whole test suite in Railties.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5760339e76\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actioncable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actionmailer-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actionpack-5.0.0.1-2.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activerecord-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activesupport-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-rails-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actioncable-5.0.0.1-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actionview-5.0.0.1-2.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activejob-5.0.0.1-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", 
reference:\"rubygem-activemodel-5.0.0.1-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-railties-5.0.0.1-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionmailer / 1:rubygem-actionpack / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-06T14:20:57", "description": "rubygem-activerecord -- multiple vulnerabilities\n\nDue to the way Active Record interprets parameters in combination with the way that Rack parses query parameters, it is possible for an attacker to issue unexpected database queries with 'IS NULL' where clauses. This issue does *not* let an attacker insert arbitrary values into a SQL query, however they can cause the query to check for NULL where most users wouldn't expect it.\n\nDue to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.", "cvss3": {}, "published": "2012-07-24T00:00:00", "type": "nessus", "title": "FreeBSD : rubygem-activerecord -- multiple vulnerabilities (748aa89f-d529-11e1-82ab-001fd0af1a4c)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2661"], "modified": "2021-01-06T00:00:00", "cpe":
["p-cpe:/a:freebsd:freebsd:rubygem-activemodel", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_748AA89FD52911E182AB001FD0AF1A4C.NASL", "href": "https://www.tenable.com/plugins/nessus/60101", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60101);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2661\");\n\n script_name(english:\"FreeBSD : rubygem-activerecord -- multiple vulnerabilities (748aa89f-d529-11e1-82ab-001fd0af1a4c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"rubygem-activerecord -- multiple vulernabilities\n\nDue to the way Active Record interprets parameters in combination with\nthe way that Rack parses query parameters, it is possible for an\nattacker to issue unexpected database queries with 'IS NULL' where\nclauses. 
This issue does *not* let an attacker insert arbitrary values\ninto a SQL query, however they can cause the query to check for NULL\nwhere most users wouldn't expect it.\n\nDue to the way Active Record handles nested query parameters, an\nattacker can use a specially crafted request to inject some forms of\nSQL into your application's SQL queries.\"\n );\n # https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/8SA-M3as7A8\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f997721c\"\n );\n # https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/dUaiOOGWL1k\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad95742e\"\n );\n # https://vuxml.freebsd.org/freebsd/748aa89f-d529-11e1-82ab-001fd0af1a4c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?482ec7fb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activemodel<3.2.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-21T14:25:35", "description": "Ruby on Rails team reports :\n\nTwo high-risk vulnerabilities have been discovered :\n\n(CVE-2013-0155) There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing.\n\nDue to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with 'IS NULL' or empty 'WHERE' clauses. 
This issue does not let an attacker insert arbitrary values into a SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users would not expect it.\n\n(CVE-2013-0156) There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.\n\nThe parameter parsing code of Ruby on Rails allows applications to automatically cast values from strings to certain data types.\nUnfortunately the type casting code supported certain conversions which were not suitable for performing on user-provided data including creating Symbols and parsing YAML. These unsuitable conversions can be used by an attacker to compromise a Rails application.", "cvss3": {}, "published": "2013-01-09T00:00:00", "type": "nessus", "title": "FreeBSD : rubygem-rails -- multiple vulnerabilities (ca5d3272-59e3-11e2-853b-00262d5ed8ee)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-0156"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionpack", "p-cpe:/a:freebsd:freebsd:rubygem-activerecord", "p-cpe:/a:freebsd:freebsd:rubygem-activesupport", "p-cpe:/a:freebsd:freebsd:rubygem-rails", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CA5D327259E311E2853B00262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/63435", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63435);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n\n script_name(english:\"FreeBSD : rubygem-rails -- multiple vulnerabilities (ca5d3272-59e3-11e2-853b-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby on Rails team reports :\n\nTwo high-risk vulnerabilities have been discovered :\n\n(CVE-2013-0155) There is a vulnerability when Active Record is used in\nconjunction with JSON parameter parsing.\n\nDue to the way Active Record interprets parameters in combination with\nthe way that JSON parameters are parsed, it is possible for an\nattacker to issue unexpected database queries with 'IS NULL' or empty\n'WHERE' clauses. 
This issue does not let an attacker insert arbitrary\nvalues into a SQL query, however they can cause the query to check\nfor NULL or eliminate a WHERE clause when most users would not expect\nit.\n\n(CVE-2013-0156) There are multiple weaknesses in the parameter parsing\ncode for Ruby on Rails which allows attackers to bypass authentication\nsystems, inject arbitrary SQL, inject and execute arbitrary code, or\nperform a DoS attack on a Rails application.\n\nThe parameter parsing code of Ruby on Rails allows applications to\nautomatically cast values from strings to certain data types.\nUnfortunately the type casting code supported certain conversions\nwhich were not suitable for performing on user-provided data including\ncreating Symbols and parsing YAML. These unsuitable conversions can be\nused by an attacker to compromise a Rails application.\"\n );\n # http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9016417\"\n );\n # https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/t1WFuuQyavI\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b87306bb\"\n );\n # https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/61bkgvnSGTQ\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b567888\"\n );\n # https://vuxml.freebsd.org/freebsd/ca5d3272-59e3-11e2-853b-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ec830af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails XML Processor YAML Deserialization Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rails<3.2.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack<3.2.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activerecord<3.2.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activesupport<3.2.11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-22T14:24:48", "description": "Fix for CVE-2013-0155 and CVE-2013-0156.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "nessus", "title": "Fedora 18 : rubygem-actionpack-3.2.8-2.fc18 / rubygem-activerecord-3.2.8-3.fc18 / etc (2013-0568)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-0156"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-0568.NASL", "href": "https://www.tenable.com/plugins/nessus/63635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0568.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63635);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_bugtraq_id(57187, 57192);\n script_xref(name:\"FEDORA\", value:\"2013-0568\");\n\n script_name(english:\"Fedora 18 : rubygem-actionpack-3.2.8-2.fc18 / rubygem-activerecord-3.2.8-3.fc18 / etc (2013-0568)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2013-0155 and CVE-2013-0156.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892870\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097212.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?067990bc\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097213.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c882bf3a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097214.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f80d53f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack, rubygem-activerecord and / or\nrubygem-activesupport packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails XML Processor YAML Deserialization Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"rubygem-actionpack-3.2.8-2.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"rubygem-activerecord-3.2.8-3.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"rubygem-activesupport-3.2.8-2.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activerecord / rubygem-activesupport\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-22T14:25:16", "description": "Fix for CVE-2013-0155 and CVE-2013-0156.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-01-23T00:00:00", "type": "nessus", "title": "Fedora 17 : rubygem-actionpack-3.0.11-8.fc17 / rubygem-activemodel-3.0.11-2.fc17 / etc (2013-0635)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-0156"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:rubygem-activemodel", "p-cpe:/a:fedoraproject:fedora:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-0635.NASL", "href": "https://www.tenable.com/plugins/nessus/63654", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0635.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63654);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_bugtraq_id(57187, 57192);\n script_xref(name:\"FEDORA\", value:\"2013-0635\");\n\n script_name(english:\"Fedora 17 : rubygem-actionpack-3.0.11-8.fc17 / rubygem-activemodel-3.0.11-2.fc17 / etc (2013-0635)\");\n script_summary(english:\"Checks rpm output for 
the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2013-0155 and CVE-2013-0156.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892870\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097311.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e87f366\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097312.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c92a7f50\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097313.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9a0583e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097314.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?231fb222\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails XML Processor YAML 
Deserialization Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-actionpack-3.0.11-8.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-activemodel-3.0.11-2.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-activerecord-3.0.11-5.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-activesupport-3.0.11-7.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activemodel / rubygem-activerecord / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T14:46:48", "description": "Fix for CVE-2013-0155 and CVE-2013-0156.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-01-23T00:00:00", "type": "nessus", "title": "Fedora 16 : rubygem-actionpack-3.0.10-10.fc16 / rubygem-activemodel-3.0.10-2.fc16 / etc (2013-0686)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-0156"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:rubygem-activemodel", "p-cpe:/a:fedoraproject:fedora:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2013-0686.NASL", "href": "https://www.tenable.com/plugins/nessus/63657", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0686.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63657);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_bugtraq_id(57187, 57192);\n script_xref(name:\"FEDORA\", value:\"2013-0686\");\n\n script_name(english:\"Fedora 16 : rubygem-actionpack-3.0.10-10.fc16 / rubygem-activemodel-3.0.10-2.fc16 / etc (2013-0686)\");\n script_summary(english:\"Checks rpm output 
for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2013-0155 and CVE-2013-0156.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892870\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097243.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2743c0dd\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097244.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd58f5f4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097245.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9313742d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097246.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11102c4e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails XML Processor YAML 
Deserialization Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-actionpack-3.0.10-10.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-activemodel-3.0.10-2.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-activerecord-3.0.10-5.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-activesupport-3.0.10-5.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activemodel / rubygem-activerecord / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-07T14:33:02", "description": "Red Hat OpenShift Enterprise 1.1.1 is now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution from Red Hat, and is designed for on-premise or private cloud deployments.\n\nInstalling the updated packages and restarting the OpenShift services are the only requirements for this update. 
However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system.\n\nFor further information about this release, refer to the OpenShift Enterprise 1.1.1 Technical Notes, available shortly from https://access.redhat.com/knowledge/docs/\n\nThis update also fixes the following security issues :\n\nMultiple cross-site scripting (XSS) flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.\n(CVE-2012-3463, CVE-2012-3464, CVE-2012-3465)\n\nIt was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected.\n(CVE-2012-4522)\n\nA denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, a new, more collision resistant algorithm has been used to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-5371)\n\nInput validation vulnerabilities were discovered in rubygem-activerecord. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2013-0155)\n\nInput validation vulnerabilities were discovered in rubygem-actionpack. 
A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-actionpack and rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694)\n\nA flaw was found in the HTTP digest authentication implementation in rubygem-actionpack. A remote attacker could use this flaw to cause a denial of service of an application using rubygem-actionpack and digest authentication. (CVE-2012-3424)\n\nA flaw was found in the handling of strings in Ruby safe level 4. A remote attacker can use Exception#to_s to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified. (CVE-2012-4466)\n\nA flaw was found in the method for translating an exception message into a string in the Ruby Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2012-4464)\n\nIt was found that ruby_parser from rubygem-ruby_parser created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to the application using ruby_parser. 
(CVE-2013-0162)\n\nThe CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat Regional IT team.\n\nUsers are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1.", "cvss3": {}, "published": "2018-12-06T00:00:00", "type": "nessus", "title": "RHEL 6 : openshift (RHSA-2013:0582)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522", "CVE-2012-5371", "CVE-2013-0155", "CVE-2013-0162", "CVE-2013-0276"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:graphviz", "p-cpe:/a:redhat:enterprise_linux:graphviz-debuginfo", "p-cpe:/a:redhat:enterprise_linux:graphviz-devel", "p-cpe:/a:redhat:enterprise_linux:graphviz-doc", "p-cpe:/a:redhat:enterprise_linux:graphviz-gd", "p-cpe:/a:redhat:enterprise_linux:graphviz-ruby", "p-cpe:/a:redhat:enterprise_linux:openshift-console", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker-util", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-cron-1.4", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-diy-0.1", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-haproxy-1.4", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbosseap-6.0", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbossews-1.0", 
"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-1.4", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-client-1.4", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mysql-5.1", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-perl-5.10", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-php-5.3", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-postgresql-8.4", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.8", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.9-scl", "p-cpe:/a:redhat:enterprise_linux:openshift-origin-msg-node-mcollective", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-doc", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-irb", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-tcltk", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack-doc", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel-doc", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord-doc", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-bigdecimal", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-io-console", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-json", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-minitest", 
"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties-doc", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rake", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rdoc", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser-doc", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems-devel", "p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack", "p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel", "p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord", "p-cpe:/a:redhat:enterprise_linux:rubygem-bson", "p-cpe:/a:redhat:enterprise_linux:rubygem-mongo", "p-cpe:/a:redhat:enterprise_linux:rubygem-mongo-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-auth-remote-user", "p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console", "p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-controller", "p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-node", "p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser", "p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser-doc", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0582.NASL", "href": "https://www.tenable.com/plugins/nessus/119432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0582. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119432);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2661\", \"CVE-2012-2694\", \"CVE-2012-2695\", \"CVE-2012-3424\", \"CVE-2012-3463\", \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-4464\", \"CVE-2012-4466\", \"CVE-2012-4522\", \"CVE-2012-5371\", \"CVE-2013-0155\", \"CVE-2013-0162\", \"CVE-2013-0276\");\n script_bugtraq_id(53753, 53754, 53970, 53976, 54704, 54957, 54958, 54959, 55757, 56115, 56484, 57192, 58110);\n script_xref(name:\"RHSA\", value:\"2013:0582\");\n\n script_name(english:\"RHEL 6 : openshift (RHSA-2013:0582)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Red Hat OpenShift Enterprise 1.1.1 is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS)\nsolution from Red Hat, and is designed for on-premise or private cloud\ndeployments.\n\nInstalling the updated packages and restarting the OpenShift services\nare the only requirements for this update. 
However, if you are\nupdating your system to Red Hat Enterprise Linux 6.4 while applying\nOpenShift Enterprise 1.1.1 updates, it is recommended that you restart\nyour system.\n\nFor further information about this release, refer to the OpenShift\nEnterprise 1.1.1 Technical Notes, available shortly from\nhttps://access.redhat.com/knowledge/docs/\n\nThis update also fixes the following security issues :\n\nMultiple cross-site scripting (XSS) flaws were found in\nrubygem-actionpack. A remote attacker could use these flaws to conduct\nXSS attacks against users of an application using rubygem-actionpack.\n(CVE-2012-3463, CVE-2012-3464, CVE-2012-3465)\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application\ncreated files with names based on untrusted input, it could result in\nthe creation of files with different names than expected.\n(CVE-2012-4522)\n\nA denial of service flaw was found in the implementation of\nassociative arrays (hashes) in Ruby. An attacker able to supply a\nlarge number of inputs to a Ruby application (such as HTTP POST\nrequest parameters sent to a web application) that are used as keys\nwhen inserting data into an array could trigger multiple hash function\ncollisions, making array operations take an excessive amount of CPU\ntime. To mitigate this issue, a new, more collision resistant\nalgorithm has been used to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-5371)\n\nInput validation vulnerabilities were discovered in\nrubygem-activerecord. A remote attacker could possibly use these flaws\nto perform a SQL injection attack against an application using\nrubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2013-0155)\n\nInput validation vulnerabilities were discovered in\nrubygem-actionpack. 
A remote attacker could possibly use these flaws\nto perform a SQL injection attack against an application using\nrubygem-actionpack and rubygem-activerecord. (CVE-2012-2660,\nCVE-2012-2694)\n\nA flaw was found in the HTTP digest authentication implementation in\nrubygem-actionpack. A remote attacker could use this flaw to cause a\ndenial of service of an application using rubygem-actionpack and\ndigest authentication. (CVE-2012-3424)\n\nA flaw was found in the handling of strings in Ruby safe level 4. A\nremote attacker can use Exception#to_s to destructively modify an\nuntainted string so that it is tainted, the string can then be\narbitrarily modified. (CVE-2012-4466)\n\nA flaw was found in the method for translating an exception message\ninto a string in the Ruby Exception class. A remote attacker could use\nthis flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4464)\n\nIt was found that ruby_parser from rubygem-ruby_parser created a\ntemporary file in an insecure way. A local attacker could use this\nflaw to perform a symbolic link attack, overwriting arbitrary files\naccessible to the application using ruby_parser. 
(CVE-2013-0162)\n\nThe CVE-2013-0162 issue was discovered by Michael Scherer of the Red\nHat Regional IT team.\n\nUsers are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1.\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2012-4466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0276\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:graphviz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:graphviz-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:graphviz-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:graphviz-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:graphviz-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:graphviz-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-cron-1.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-diy-0.1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-haproxy-1.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbosseap-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbossews-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-1.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-client-1.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mysql-5.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-perl-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-php-5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.9-scl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-msg-node-mcollective\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-minitest\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-bson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-mongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-mongo-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-auth-remote-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0582\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"graphviz-2.26.0-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"graphviz-debuginfo-2.26.0-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"graphviz-devel-2.26.0-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"graphviz-doc-2.26.0-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"graphviz-gd-2.26.0-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"graphviz-ruby-2.26.0-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-console-0.0.16-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-broker-1.0.11-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-broker-util-1.0.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-cron-1.4-1.0.3-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-diy-0.1-1.0.3-1.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-haproxy-1.4-1.0.4-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-jbosseap-6.0-1.0.4-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-jbossews-1.0-1.0.13-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-jenkins-1.4-1.0.2-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-jenkins-client-1.4-1.0.2-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-mysql-5.1-1.0.5-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-perl-5.10-1.0.3-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-php-5.3-1.0.5-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-postgresql-8.4-1.0.3-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-ruby-1.8-1.0.7-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-ruby-1.9-scl-1.0.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-msg-node-mcollective-1.0.3-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-bcmath-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-debuginfo-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-devel-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-imap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mbstring-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-process-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"ruby193-ruby-1.9.3.327-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-debuginfo-1.9.3.327-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-devel-1.9.3.327-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-doc-1.9.3.327-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-ruby-irb-1.9.3.327-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-libs-1.9.3.327-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-tcltk-1.9.3.327-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-actionpack-3.2.8-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-actionpack-doc-3.2.8-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-activemodel-3.2.8-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-activemodel-doc-3.2.8-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-activerecord-3.2.8-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-activerecord-doc-3.2.8-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-rubygem-bigdecimal-1.1.0-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-rubygem-io-console-0.3-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-rubygem-json-1.5.4-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-minitest-2.5.1-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-railties-3.2.8-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-railties-doc-3.2.8-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"ruby193-rubygem-rake-0.9.2.2-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-rubygem-rdoc-3.9.4-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-ruby_parser-2.3.1-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-ruby_parser-doc-2.3.1-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygems-1.8.23-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygems-devel-1.8.23-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-actionpack-3.0.13-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-activemodel-3.0.13-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-activemodel-doc-3.0.13-3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-activerecord-3.0.13-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-bson-1.8.1-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-mongo-1.8.1-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-mongo-doc-1.8.1-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-openshift-origin-auth-remote-user-1.0.5-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-openshift-origin-console-1.0.10-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-openshift-origin-console-doc-1.0.10-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-openshift-origin-controller-1.0.12-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-openshift-origin-node-1.0.11-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-ruby_parser-2.0.4-6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-ruby_parser-doc-2.0.4-6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : 
rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphviz / graphviz-debuginfo / graphviz-devel / graphviz-doc / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-07T14:17:20", "description": "- fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). File CVE-2013-4491.patch contains the patch\n\n - fix CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). File CVE-2013-6414.patch contains the patch.\n\n - fix CVE-2013-6415: rubygem-actionpack:\n number_to_currency XSS (bnc#853632). File CVE-2013-6415.patch contains the patch.\n\n - fix CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) (bnc#853627). File CVE-2013-6417.patch contains the patch.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1906-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-4491", "CVE-2013-6414", "CVE-2013-6415", "CVE-2013-6417"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2013-990.NASL", "href": "https://www.tenable.com/plugins/nessus/75237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-990.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75237);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-4491\", \"CVE-2013-6414\", \"CVE-2013-6415\", \"CVE-2013-6417\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1906-1)\");\n script_summary(english:\"Check for the openSUSE-2013-990 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix CVE-2013-4491: rubygem-actionpack: i18n missing\n translation XSS (bnc#853625). File CVE-2013-4491.patch\n contains the patch\n\n - fix CVE-2013-6414: rubygem-actionpack: Action View DoS\n (bnc#853633). File CVE-2013-6414.patch contains the\n patch.\n\n - fix CVE-2013-6415: rubygem-actionpack:\n number_to_currency XSS (bnc#853632). File\n CVE-2013-6415.patch contains the patch.\n\n - fix CVE-2013-6417: rubygem-actionpack: unsafe query\n generation risk (incomplete fix for CVE-2013-0155)\n (bnc#853627). 
File CVE-2013-6417.patch contains the\n patch.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack-3_2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"rubygem-actionpack-3_2-3.2.13-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack-3_2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-07T14:19:51", "description": "- fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). File CVE-2013-4491.patch contains the patch\n\n - fix CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). File CVE-2013-6414.patch contains the patch.\n\n - fix CVE-2013-6415: rubygem-actionpack:\n number_to_currency XSS (bnc#853632). File CVE-2013-6415.patch contains the patch.\n\n - fix CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) (bnc#853627). 
File CVE-2013-6417.patch contains the patch.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1904-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-4491", "CVE-2013-6414", "CVE-2013-6415", "CVE-2013-6417"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2013-989.NASL", "href": "https://www.tenable.com/plugins/nessus/75236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-989.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75236);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-4491\", \"CVE-2013-6414\", \"CVE-2013-6415\", \"CVE-2013-6417\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1904-1)\");\n script_summary(english:\"Check for the openSUSE-2013-989 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", 
\n value:\n\" - fix CVE-2013-4491: rubygem-actionpack: i18n missing\n translation XSS (bnc#853625). File CVE-2013-4491.patch\n contains the patch\n\n - fix CVE-2013-6414: rubygem-actionpack: Action View DoS\n (bnc#853633). File CVE-2013-6414.patch contains the\n patch.\n\n - fix CVE-2013-6415: rubygem-actionpack:\n number_to_currency XSS (bnc#853632). File\n CVE-2013-6415.patch contains the patch.\n\n - fix CVE-2013-6417: rubygem-actionpack: unsafe query\n generation risk (incomplete fix for CVE-2013-0155)\n (bnc#853627). File CVE-2013-6417.patch contains the\n patch.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack-3_2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"rubygem-actionpack-3_2-3.2.12-1.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack-3_2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-07T14:20:45", "description": "- fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). File CVE-2013-4491.patch contains the patch\n\n - fix CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). 
File CVE-2013-6414.patch contains the patch.\n\n - fix CVE-2013-6415: rubygem-actionpack:\n number_to_currency XSS (bnc#853632). File CVE-2013-6415.patch contains the patch.\n\n - fix CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) (bnc#853627). File CVE-2013-6417.patch contains the patch.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1907-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-4491", "CVE-2013-6414", "CVE-2013-6415", "CVE-2013-6417"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-988.NASL", "href": "https://www.tenable.com/plugins/nessus/75235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-988.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75235);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-4491\", \"CVE-2013-6414\", \"CVE-2013-6415\", \"CVE-2013-6417\");\n\n script_name(english:\"openSUSE Security Update : 
rubygem-actionpack-3_2 (openSUSE-SU-2013:1907-1)\");\n script_summary(english:\"Check for the openSUSE-2013-988 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix CVE-2013-4491: rubygem-actionpack: i18n missing\n translation XSS (bnc#853625). File CVE-2013-4491.patch\n contains the patch\n\n - fix CVE-2013-6414: rubygem-actionpack: Action View DoS\n (bnc#853633). File CVE-2013-6414.patch contains the\n patch.\n\n - fix CVE-2013-6415: rubygem-actionpack:\n number_to_currency XSS (bnc#853632). File\n CVE-2013-6415.patch contains the patch.\n\n - fix CVE-2013-6417: rubygem-actionpack: unsafe query\n generation risk (incomplete fix for CVE-2013-0155)\n (bnc#853627). File CVE-2013-6417.patch contains the\n patch.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack-3_2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-actionpack-3_2-3.2.12-3.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack-3_2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T16:33:26", "description": "This 
update fixes the following security issues with rubygem-actionpack-3_2 :\n\n - fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS vulnerability in the log subscriber component (bnc#846239) File CVE-2013-4389.patch contains the fix.\n\n - fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). File CVE-2013-4491.patch contains the patch\n\n - fix CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). File CVE-2013-6414.patch contains the patch.\n\n - fix CVE-2013-6415: rubygem-actionpack:\n number_to_currency XSS (bnc#853632). File CVE-2013-6415.patch contains the patch.\n\n - fix CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) (bnc#853627). File CVE-2013-6417.patch contains the patch.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0009-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-4389", "CVE-2013-4491", "CVE-2013-6414", "CVE-2013-6415", "CVE-2013-6417"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2", "cpe:/o:novell:opensuse:12.2", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-1.NASL", "href": "https://www.tenable.com/plugins/nessus/75284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were\n# extracted from openSUSE Security Update openSUSE-2014-1.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75284);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-4389\", \"CVE-2013-4491\", \"CVE-2013-6414\", \"CVE-2013-6415\", \"CVE-2013-6417\");\n script_bugtraq_id(63179, 64074, 64076, 64077, 64106);\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0009-1)\");\n script_summary(english:\"Check for the openSUSE-2014-1 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues with\nrubygem-actionpack-3_2 :\n\n - fix CVE-2013-4389: rubygem-actionmailer-3_1: possible\n DoS vulnerability in the log subscriber component\n (bnc#846239) File CVE-2013-4389.patch contains the fix.\n\n - fix CVE-2013-4491: rubygem-actionpack: i18n missing\n translation XSS (bnc#853625). File CVE-2013-4491.patch\n contains the patch\n\n - fix CVE-2013-6414: rubygem-actionpack: Action View DoS\n (bnc#853633). File CVE-2013-6414.patch contains the\n patch.\n\n - fix CVE-2013-6415: rubygem-actionpack:\n number_to_currency XSS (bnc#853632). File\n CVE-2013-6415.patch contains the patch.\n\n - fix CVE-2013-6417: rubygem-actionpack: unsafe query\n generation risk (incomplete fix for CVE-2013-0155)\n (bnc#853627). 
File CVE-2013-6417.patch contains the\n patch.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack-3_2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"rubygem-actionpack-3_2-3.2.12-3.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"rubygem-actionpack-3_2-3.2.12-1.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"rubygem-actionpack-3_2-3.2.13-2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack-3_2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-18T14:28:55", "description": "Includes security patches for :\n\n - CVE-2013-6417 - Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)\n\n - CVE-2013-4491 - Reflective XSS Vulnerability in Ruby on Rails\n\n - CVE-2013-6415 - XSS Vulnerability in number_to_currency\n\n - CVE-2013-6414 - Denial of Service 
Vulnerability in Action View\n\n - CVE-2013-6416 - XSS Vulnerability in simple_format helper\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "nessus", "title": "Fedora 20 : rubygem-actionpack-4.0.0-2.fc20 (2013-23636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0155", "CVE-2013-4491", "CVE-2013-6414", "CVE-2013-6415", "CVE-2013-6416", "CVE-2013-6417"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-23636.NASL", "href": "https://www.tenable.com/plugins/nessus/72867", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23636.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72867);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(64071, 64074, 64076, 64077, 64106);\n script_xref(name:\"FEDORA\", value:\"2013-23636\");\n\n script_name(english:\"Fedora 20 : rubygem-actionpack-4.0.0-2.fc20 (2013-23636)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Includes security patches for :\n\n - CVE-2013-6417 - Incomplete fix to CVE-2013-0155 (Unsafe\n Query Generation Risk)\n\n - CVE-2013-4491 - Reflective XSS Vulnerability in Ruby\n on Rails\n\n - CVE-2013-6415 - XSS Vulnerability in\n number_to_currency\n\n - 
CVE-2013-6414 - Denial of Service Vulnerability in\n Action View\n\n - CVE-2013-6416 - XSS Vulnerability in simple_format\n helper\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129541.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dc75877\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"rubygem-actionpack-4.0.0-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-02-09T14:15:48", "description": "Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" 
values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-09-07T19:28:00", "type": "cve", "title": "CVE-2016-6317", "cwe": ["CWE-284", "CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155", "CVE-2016-6317"], "modified": "2019-08-08T15:16:00", "cpe": ["cpe:/a:rubyonrails:rails:4.2.0", "cpe:/a:rubyonrails:rails:4.2.5.1", "cpe:/a:rubyonrails:rails:4.2.5", "cpe:/a:rubyonrails:rails:4.2.4", "cpe:/a:rubyonrails:rails:4.2.3", "cpe:/a:rubyonrails:rails:4.2.6", "cpe:/a:rubyonrails:rails:4.2.2", "cpe:/a:rubyonrails:rails:4.2.7", "cpe:/a:rubyonrails:rails:4.2.1", "cpe:/a:rubyonrails:rails:4.2.5.2"], "id": "CVE-2016-6317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6317", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:29:23", "description": "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694.", "cvss3": {}, "published": "2013-01-13T22:55:00", "type": "cve", "title": "CVE-2013-0155", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2019-08-08T15:42:00", "cpe": ["cpe:/o:debian:debian_linux:6.0"], "id": "CVE-2013-0155", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0155", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:05:08", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2694.", "cvss3": {}, "published": "2012-06-22T14:55:00", "type": "cve", "title": "CVE-2012-2660", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2019-08-08T15:42:00", "cpe": ["cpe:/a:rubyonrails:rails:3.2.0", 
"cpe:/a:rubyonrails:rails:3.0.5", "cpe:/a:rubyonrails:ruby_on_rails:3.0.4", "cpe:/a:rubyonrails:rails:3.0.11", "cpe:/a:rubyonrails:rails:3.1.1", "cpe:/a:rubyonrails:rails:3.2.4", "cpe:/a:rubyonrails:rails:3.0.4", "cpe:/a:rubyonrails:rails:3.0.3", "cpe:/a:rubyonrails:rails:3.1.3", "cpe:/a:rubyonrails:rails:3.0.8", "cpe:/a:rubyonrails:rails:3.0.1", "cpe:/a:rubyonrails:rails:3.0.2", "cpe:/a:rubyonrails:rails:3.2.3", "cpe:/a:rubyonrails:rails:3.2.2", "cpe:/a:rubyonrails:rails:3.0.6", "cpe:/a:rubyonrails:rails:3.0.12", "cpe:/a:rubyonrails:rails:3.1.5", "cpe:/a:rubyonrails:rails:3.0.10", "cpe:/a:rubyonrails:rails:3.1.2", "cpe:/a:rubyonrails:rails:3.0.7", "cpe:/a:rubyonrails:rails:3.0.0", "cpe:/a:rubyonrails:rails:3.1.4", "cpe:/a:rubyonrails:rails:3.2.1", "cpe:/a:rubyonrails:rails:3.0.13", "cpe:/a:rubyonrails:rails:3.1.0", "cpe:/a:rubyonrails:rails:3.0.9"], "id": "CVE-2012-2660", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2660", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:05:12", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"['xyz', nil]\" values, a related issue to CVE-2012-2660.", "cvss3": {}, "published": "2012-06-22T14:55:00", "type": "cve", "title": "CVE-2012-2694", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2019-08-08T15:42:00", "cpe": ["cpe:/a:rubyonrails:rails:3.2.0", 
"cpe:/a:rubyonrails:rails:3.0.5", "cpe:/a:rubyonrails:ruby_on_rails:3.0.4", "cpe:/a:rubyonrails:ruby_on_rails:3.0.13", "cpe:/a:rubyonrails:rails:3.0.11", "cpe:/a:rubyonrails:rails:3.2.5", "cpe:/a:rubyonrails:rails:3.1.1", "cpe:/a:rubyonrails:rails:3.2.4", "cpe:/a:rubyonrails:rails:3.0.4", "cpe:/a:rubyonrails:rails:3.0.3", "cpe:/a:rubyonrails:rails:3.1.3", "cpe:/a:rubyonrails:rails:3.0.8", "cpe:/a:rubyonrails:rails:3.0.1", "cpe:/a:rubyonrails:rails:3.0.2", "cpe:/a:rubyonrails:rails:3.2.3", "cpe:/a:rubyonrails:rails:3.2.2", "cpe:/a:rubyonrails:rails:3.0.6", "cpe:/a:rubyonrails:rails:3.0.12", "cpe:/a:rubyonrails:rails:3.1.5", "cpe:/a:rubyonrails:rails:3.0.10", "cpe:/a:rubyonrails:rails:3.1.2", "cpe:/a:rubyonrails:rails:3.0.7", "cpe:/a:rubyonrails:rails:3.0.0", "cpe:/a:rubyonrails:rails:3.1.4", "cpe:/a:rubyonrails:rails:3.2.1", "cpe:/a:rubyonrails:rails:3.0.13", "cpe:/a:rubyonrails:rails:3.1.0", "cpe:/a:rubyonrails:rails:3.0.9"], "id": "CVE-2012-2694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2694", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:41:49", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.", "cvss3": {}, "published": "2013-12-07T00:55:00", "type": "cve", "title": "CVE-2013-6417", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-6417"], "modified": "2019-08-08T15:42:00", "cpe": ["cpe:/a:rubyonrails:rails:3.1.2", "cpe:/a:rubyonrails:rails:3.2.7", "cpe:/a:rubyonrails:rails:3.1.9", "cpe:/a:rubyonrails:ruby_on_rails:3.1.11", "cpe:/a:rubyonrails:rails:3.0.6", "cpe:/a:rubyonrails:rails:3.0.5", "cpe:/a:rubyonrails:rails:3.2.5", "cpe:/a:rubyonrails:rails:3.0.16", "cpe:/a:rubyonrails:rails:3.1.7", "cpe:/a:rubyonrails:rails:3.2.1", "cpe:/a:rubyonrails:rails:4.0.0", "cpe:/a:rubyonrails:rails:3.2.3", "cpe:/a:rubyonrails:rails:3.0.18", "cpe:/a:rubyonrails:rails:3.2.4", "cpe:/a:rubyonrails:rails:3.0.12", "cpe:/a:rubyonrails:rails:4.0.1", "cpe:/a:rubyonrails:rails:3.0.3", "cpe:/a:rubyonrails:rails:3.0.0", "cpe:/a:rubyonrails:rails:3.1.1", "cpe:/a:rubyonrails:rails:3.0.4", "cpe:/a:rubyonrails:rails:3.0.10", "cpe:/a:rubyonrails:rails:3.0.1", "cpe:/a:rubyonrails:rails:3.2.13", "cpe:/a:rubyonrails:ruby_on_rails:3.2.14", "cpe:/a:rubyonrails:rails:3.2.12", "cpe:/a:rubyonrails:rails:3.0.9", "cpe:/a:rubyonrails:rails:3.2.8", "cpe:/a:rubyonrails:rails:3.2.2", "cpe:/a:rubyonrails:rails:3.1.3", "cpe:/a:rubyonrails:rails:3.0.20", "cpe:/a:rubyonrails:rails:3.0.7", "cpe:/a:rubyonrails:rails:3.2.6", "cpe:/a:rubyonrails:rails:3.0.8", "cpe:/a:rubyonrails:rails:3.2.10", "cpe:/a:rubyonrails:rails:3.1.10", 
"cpe:/a:rubyonrails:rails:3.2.11", "cpe:/a:rubyonrails:rails:3.1.6", "cpe:/a:rubyonrails:rails:3.1.8", "cpe:/a:rubyonrails:ruby_on_rails:3.0.4", "cpe:/a:rubyonrails:rails:3.1.0", "cpe:/a:rubyonrails:rails:3.0.11", "cpe:/a:rubyonrails:rails:3.0.14", "cpe:/a:rubyonrails:rails:3.1.4", "cpe:/a:rubyonrails:rails:3.0.19", "cpe:/a:rubyonrails:rails:3.0.17", "cpe:/a:rubyonrails:rails:3.0.2", "cpe:/a:rubyonrails:rails:3.0.13", "cpe:/a:rubyonrails:rails:3.2.9", "cpe:/a:rubyonrails:ruby_on_rails:3.2.15", "cpe:/a:rubyonrails:rails:3.2.0", "cpe:/a:rubyonrails:rails:3.1.5"], "id": "CVE-2013-6417", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6417", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-03-31T04:35:46", "description": "Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-09-07T19:28:00", "type": "debiancve", "title": "CVE-2016-6317", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155", "CVE-2016-6317"], "modified": "2016-09-07T19:28:00", "id": "DEBIANCVE:CVE-2016-6317", "href": "https://security-tracker.debian.org/tracker/CVE-2016-6317", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-31T04:35:46", "description": "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694.", "cvss3": {}, "published": "2013-01-13T22:55:00", "type": "debiancve", "title": "CVE-2013-0155", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2013-01-13T22:55:00", "id": "DEBIANCVE:CVE-2013-0155", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0155", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-31T04:35:46", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter 
handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.", "cvss3": {}, "published": "2013-12-07T00:55:00", "type": "debiancve", "title": "CVE-2013-6417", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-6417"], "modified": "2013-12-07T00:55:00", "id": "DEBIANCVE:CVE-2013-6417", "href": "https://security-tracker.debian.org/tracker/CVE-2013-6417", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "osv": [{"lastseen": "2023-03-28T05:37:49", "description": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-24T18:33:35", "type": "osv", "title": "ActiveRecord in Ruby on Rails allows database-query bypass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155", "CVE-2016-6317"], "modified": "2023-03-28T05:37:47", "id": "OSV:GHSA-PR3R-4WRP-R2PV", "href": "https://osv.dev/vulnerability/GHSA-pr3r-4wrp-r2pv", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-28T05:45:25", "description": "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694.", "cvss3": {}, "published": "2017-10-24T18:33:37", "type": "osv", "title": "Active Record allows bypassing database-query restrictions", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2023-03-28T05:45:17", "id": "OSV:GHSA-GPPP-5XC5-WFPX", "href": "https://osv.dev/vulnerability/GHSA-gppp-5xc5-wfpx", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-28T05:12:15", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2694.", "cvss3": {}, "published": "2017-10-24T18:33:38", "type": "osv", "title": "Action Pack contains database-query restrictions bypass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2023-03-28T05:12:10", "id": "OSV:GHSA-HGPP-PP89-4FGF", "href": "https://osv.dev/vulnerability/GHSA-hgpp-pp89-4fgf", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-28T05:24:58", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails 
before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"['xyz', nil]\" values, a related issue to CVE-2012-2660.", "cvss3": {}, "published": "2017-10-24T18:33:38", "type": "osv", "title": "Moderate severity vulnerability that affects actionpack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2023-03-28T05:24:53", "id": "OSV:GHSA-Q34C-48GC-M9G8", "href": "https://osv.dev/vulnerability/GHSA-q34c-48gc-m9g8", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-08-10T07:06:52", "description": "\nAn interpretation conflict can cause the Active Record component of\nRails, a web framework for the Ruby programming language, to truncate\nqueries in unexpected ways. 
This may allow attackers to elevate their\nprivileges.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze5.\n\n\nWe recommend that you upgrade your rails packages.\n\n\n", "cvss3": {}, "published": "2013-01-16T00:00:00", "type": "osv", "title": "rails - SQL query manipulation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155"], "modified": "2022-08-10T07:06:44", "id": "OSV:DSA-2609-1", "href": "https://osv.dev/vulnerability/DSA-2609-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-11T05:44:20", "description": "`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.", "cvss3": {}, "published": "2017-10-24T18:33:36", "type": "osv", "title": "actionpack allows bypass of database-query restrictions", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-6417"], "modified": "2023-03-11T05:44:13", "id": "OSV:GHSA-WPW7-WXJM-CW8R", "href": "https://osv.dev/vulnerability/GHSA-wpw7-wxjm-cw8r", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "gitlab": [{"lastseen": "2022-06-09T23:07:26", "description": "There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. 
This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-09-07T00:00:00", "type": "gitlab", "title": "Unsafe Query Generation Risk", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155", "CVE-2016-6317"], "modified": "2016-09-07T00:00:00", "id": "GITLAB-5B17B2C7F62600B3015EE653C58C39C1", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factiverecord%2FCVE-2016-6317.yml/raw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-09T23:06:01", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2694.", "cvss3": {}, "published": "2017-10-24T00:00:00", 
"type": "gitlab", "title": "Moderate severity vulnerability that affects actionpack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2017-10-24T00:00:00", "id": "GITLAB-6257F45EC5F52983A689CB6F5007173B", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factionpack%2FCVE-2012-2660.yml/raw", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-09T23:06:03", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"['xyz', nil]\" values, a related issue to CVE-2012-2660.", "cvss3": {}, "published": "2017-10-24T00:00:00", "type": "gitlab", "title": "Moderate severity vulnerability that affects actionpack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2017-10-24T00:00:00", "id": "GITLAB-452A380074293E9FA5EFD245D01072F7", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factionpack%2FCVE-2012-2694.yml/raw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-09T23:06:54", "description": "Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.", "cvss3": {}, "published": "2012-06-22T00:00:00", "type": "gitlab", "title": "SQL Injection", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660"], "modified": "2012-06-22T00:00:00", "id": "GITLAB-458067D17304B1F214D926D8775EF9E6", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factiverecord%2FCVE-2012-2660.yml/raw", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-09T23:07:04", "description": "Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with \"IS NULL\" or empty where clauses. 
This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.", "cvss3": {}, "published": "2013-01-13T00:00:00", "type": "gitlab", "title": "Unsafe Query Generation Risk in Ruby on Rails", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155"], "modified": "2013-01-13T00:00:00", "id": "GITLAB-3CE9A140378A064CBEF6D0D382474BF9", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factiverecord%2FCVE-2013-0155.yml/raw", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-09T23:06:21", "description": "Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. 
In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses.", "cvss3": {}, "published": "2013-12-06T00:00:00", "type": "gitlab", "title": "Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-6417"], "modified": "2013-12-06T00:00:00", "id": "GITLAB-64623E55B301EB96D940497B718EB419", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factionpack%2FCVE-2013-6417.yml/raw", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "github": [{"lastseen": "2023-03-14T02:10:48", "description": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-24T18:33:35", "type": "github", "title": "ActiveRecord in Ruby on Rails allows database-query bypass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155", "CVE-2016-6317"], "modified": "2023-01-09T05:03:23", "id": "GHSA-PR3R-4WRP-R2PV", "href": "https://github.com/advisories/GHSA-pr3r-4wrp-r2pv", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-09T05:07:30", "description": "Withdrawn, accidental duplicate publish.\n\nActive Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.", "cvss3": {}, "published": "2018-08-13T20:49:01", "type": "github", "title": "Moderate severity vulnerability that affects activerecord", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2023-01-09T05:03:18", "id": "GHSA-M8H6-M9P5-P2F8", "href": "https://github.com/advisories/GHSA-m8h6-m9p5-p2f8", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-03-14T23:10:53", "description": "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694.", "cvss3": {}, "published": "2017-10-24T18:33:37", "type": "github", "title": "Active Record allows bypassing database-query restrictions", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2023-03-14T20:33:17", "id": "GHSA-GPPP-5XC5-WFPX", "href": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-14T02:10:47", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2694.", "cvss3": {}, "published": "2017-10-24T18:33:38", "type": 
"github", "title": "Action Pack contains database-query restrictions bypass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2023-03-14T01:00:44", "id": "GHSA-HGPP-PP89-4FGF", "href": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-09T05:07:33", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"['xyz', nil]\" values, a related issue to CVE-2012-2660.", "cvss3": {}, "published": "2017-10-24T18:33:38", "type": "github", "title": "Moderate severity vulnerability that affects actionpack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", 
"CVE-2012-2694"], "modified": "2023-01-09T05:03:13", "id": "GHSA-Q34C-48GC-M9G8", "href": "https://github.com/advisories/GHSA-q34c-48gc-m9g8", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-23T20:08:37", "description": "`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.", "cvss3": {}, "published": "2017-10-24T18:33:36", "type": "github", "title": "actionpack allows bypass of database-query restrictions", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-6417"], "modified": "2023-01-23T18:08:21", "id": "GHSA-WPW7-WXJM-CW8R", "href": "https://github.com/advisories/GHSA-wpw7-wxjm-cw8r", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "rubygems": [{"lastseen": "2022-10-25T12:12:52", "description": "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass 
intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694.", "cvss3": {}, "published": "2013-01-08T00:00:00", "type": "rubygems", "title": "CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2013-0155", "CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2013-01-08T00:00:00", "id": "RUBY:ACTIVERECORD-2013-0155-89025", "href": "https://rubysec.com/advisories/2013-0155/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:12:52", "description": "There is a vulnerability when Active Record is used in conjunction with JSON\nparameter parsing. This vulnerability is similar to CVE-2012-2660,\nCVE-2012-2694 and CVE-2013-0155.\n\nImpact\n------\n\nDue to the way Active Record interprets parameters in combination with the way\nthat JSON parameters are parsed, it is possible for an attacker to issue\nunexpected database queries with \"IS NULL\" or empty where clauses. This issue\ndoes *not* let an attacker insert arbitrary values into an SQL query, however\nthey can cause the query to check for NULL or eliminate a WHERE clause when\nmost users wouldn't expect it.\n\nFor example, a system has password reset with token functionality:\n\n```ruby\n unless params[:token].nil?\n user = User.find_by_token(params[:token])\n user.reset_password!\n end\n```\n\nAn attacker can craft a request such that `params[:token]` will return\n`[nil]`. The `[nil]` value will bypass the test for nil, but will still add\nan \"IN ('xyz', NULL)\" clause to the SQL query.\n\nSimilarly, an attacker can craft a request such that `params[:token]` will\nreturn an empty hash. 
An empty hash will eliminate the WHERE clause of the\nquery, but can bypass the `nil?` check.\n\nNote that this impacts not only dynamic finders (`find_by_*`) but also\nrelations (`User.where(:name => params[:name])`).\n\nAll users running an affected release should either upgrade or use one of the\nwork arounds immediately. All users running an affected release should upgrade\nimmediately. Please note, this vulnerability is a variant of CVE-2012-2660,\nCVE-2012-2694, and CVE-2013-0155. Even if you upgraded to address those\nissues, you must take action again.\n\nIf this change in behavior impacts your application, you can manually decode\nthe original values from the request like so:\n\n `ActiveSupport::JSON.decode(request.body)`\n\nWorkarounds\n-----------\nThis problem can be mitigated by casting the parameter to a string before\npassing it to Active Record. For example:\n\n ```ruby\n unless params[:token].nil? || params[:token].to_s.empty?\n user = User.find_by_token(params[:token].to_s)\n user.reset_password!\n end\n ```\n", "cvss3": {}, "published": "2016-08-11T00:00:00", "type": "rubygems", "title": "Unsafe Query Generation Risk in Active Record", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2016-6317", "CVE-2012-2660", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2016-08-11T00:00:00", "id": "RUBY:ACTIVERECORD-2016-6317", "href": "https://rubysec.com/advisories/2016-6317/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:12:52", "description": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2694.", "cvss3": {}, "published": 
"2012-05-31T00:00:00", "type": "rubygems", "title": "CVE-2012-2660 rubygem-actionpack: Unsafe query generation", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2012-2660", "CVE-2012-2660", "CVE-2012-2694"], "modified": "2012-05-31T00:00:00", "id": "RUBY:ACTIVERECORD-2012-2660-82610", "href": "https://rubysec.com/advisories/2012-2660/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:12:52", "description": "The prior fix to CVE-2013-0155 was incomplete and the use of common\n3rd party libraries can accidentally circumvent the protection. Due\nto the way that Rack::Request and Rails::Request interact, it is\npossible for a 3rd party or custom rack middleware to parse the\nparameters insecurely and store them in the same key that Rails uses\nfor its own parameters. In the event that happens the application\nwill receive unsafe parameters and could be vulnerable to the earlier\nvulnerability.\n", "cvss3": {}, "published": "2013-12-03T00:00:00", "type": "rubygems", "title": "Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2013-6417", "CVE-2013-0155"], "modified": "2013-12-03T00:00:00", "id": "RUBY:ACTIONPACK-2013-6417-100527", "href": "https://rubysec.com/advisories/2013-6417/", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2012-06-30T08:25:56", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-5.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2012-06-30T08:25:56", "id": "FEDORA:E734D20FB7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YQAVNL5H74RSXSXSQJCEEL7M42YGUAV7/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2012-08-09T23:18:43", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-6.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424"], "modified": "2012-08-09T23:18:43", "id": "FEDORA:7002C21517", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LZRUR2DJ2AZZZD7I2BL5K6HMNYT2QTLT/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2013-01-23T01:53:38", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-8.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:53:38", "id": "FEDORA:8F063214D7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZZERWNWXQWELZ4JR2BIQ7WTNUYZ5S4AY/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-29T18:58:41", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: rubygem-actionpack-4.2.5.2-3.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6317"], "modified": "2016-08-29T18:58:41", "id": "FEDORA:4A73660A445D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RJQ6L3R7RUEIDHUMRST4MEHLX46OEGYA/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-29T18:58:41", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: rubygem-activerecord-4.2.5.2-2.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6317"], "modified": "2016-08-29T18:58:41", "id": "FEDORA:5FE0860A4EFB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IIKYQUVSGMREVPYLGJJT4HP353LWQ6AO/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-29T21:24:01", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: rubygem-actionpack-4.2.3-6.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6317"], "modified": "2016-08-29T21:24:01", "id": "FEDORA:8750E601CE69", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GETU77G46UPFRZ6VRFIYLMBSLTHSBNU2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-29T21:24:01", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: rubygem-activerecord-4.2.3-3.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6317"], "modified": "2016-08-29T21:24:01", "id": "FEDORA:9031B601B8E4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SD7IJG75DQXRE7HO34KYAZO53RAZGCOP/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2012-06-30T08:26:22", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-7.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660", "CVE-2012-2694"], "modified": "2012-06-30T08:26:22", "id": "FEDORA:4559220F4C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JA5XSJDFCG643U33KJJV2REECGGDMDAD/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2013-03-30T21:27:37", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-9.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2013-0155", "CVE-2013-1855", "CVE-2013-1857"], "modified": "2013-03-30T21:27:37", "id": "FEDORA:5EBB0209F9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6BTNEKFN2WYJC5SN6KVQYJV2PGSKOJOQ/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2012-06-15T00:24:01", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-4.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660"], "modified": "2012-06-15T00:24:01", "id": "FEDORA:3FB8F20E52", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/72UK4JNPRU5G3RIXCRW7HJB6BSF4SQF2/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2012-08-22T21:11:17", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-7.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465"], "modified": "2012-08-22T21:11:17", "id": "FEDORA:B1B3320FA2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SOAYN6KJT7MWLC5STS5KNIIQ65PYV3MS/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2012-08-09T23:26:17", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-8.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424"], "modified": "2012-08-09T23:26:17", "id": "FEDORA:8AEB121931", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OJFIPJMJRINRXZQZMLGQRNLOZ7NQBBKA/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2013-01-23T01:34:00", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-10.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:34:00", "id": "FEDORA:0132C20F1D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V4PP7M5QV2BAWIB6NX4BKBYN7C7OV4OJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Ruby on Rails is a full-stack web framework optimized for programmer happin ess and sustainable productivity. It encourages beautiful code by favoring convention over configuration. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-rails-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:909536087ECC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WAMEZEEF5UHZPV5IDQY4ZP5VLSRSFHY5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-activemodel-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:837166087EC2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNY6ZLXQZ4GJM4L5Z2JD42S4WMYF75U5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. 
Overall, it: * handles all the bootstrapping process for a Rails application; * manages rails command line interface; * provides Rails generators core; ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-railties-5.0.0.1-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:335C96042D4E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JWPXPNMF2BDDQ7AGYMPNOYVDE3BN3RFG/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-actionpack-5.0.0.1-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:072A56042D49", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7SB36DN7LSLP2GHE4LNAQGWXRMHZEU5F/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Simple, battle-tested conventions and helpers for building web pages. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-actionview-5.0.0.1-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:2B7856042D4C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/INSRTFAYYUM2XLIWRMW2ZQBU6VNPXG6B/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-activerecord-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:3C1406042D4F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5VQDB7AQ3WT2TSLDMYPYKXIMBJ7KYSJ6/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Structure many real-time application concerns into channels over a single WebSocket connection. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-actioncable-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:45DE46042D51", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XOQL7IU7SB6QJRWGKCHRPZQUOIURV63S/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Declare job classes that can be run by a variety of queueing backends. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-activejob-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:7E33C6042D49", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R67FRLEDPZRRVMJS3A5LA6YIM5UQO4GY/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-activesupport-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:9D8B2608A217", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MRQYAVBWV4UNQ5XC3LB5L44OYTI3JZ3W/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Email on Rails. Compose, deliver, receive, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-actionmailer-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:732356042D46", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SVDJLLIW67K6FGDQKQEY6EGTKQ7KXRQU/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2013-01-20T03:40:48", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: rubygem-actionpack-3.2.8-2.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-20T03:40:48", "id": "FEDORA:57486219BC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4HXNOZX2YXSRUND3GWZLBGQY5OXERYHA/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "cvss3": {}, "published": "2013-01-20T03:40:48", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: rubygem-activesupport-3.2.8-2.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-20T03:40:48", "id": "FEDORA:7B35121E3E", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RZPC2FNU6L7AFLNTJRQFK7XKBQVYHBCU/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework. ", "cvss3": {}, "published": "2013-01-23T01:34:00", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-2.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:34:00", "id": "FEDORA:3D63B21039", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DJ74HSLCJF3LD22PUJVDO3A3J7IUSNCW/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework. 
", "cvss3": {}, "published": "2013-01-23T01:53:38", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-2.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:53:38", "id": "FEDORA:A05A921771", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CTZZX3K4X2QU572MYRNWHAGHEFXJTNY3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2012-08-22T20:58:55", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-9.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465"], "modified": "2012-08-22T20:58:55", "id": "FEDORA:68E0120EF2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GRBCFEQUKGIGKY2NI6GOPJ4CBTLJLVSJ/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. 
", "cvss3": {}, "published": "2013-01-20T03:40:48", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: rubygem-activerecord-3.2.8-3.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6496", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-20T03:40:48", "id": "FEDORA:70A4A21E1E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KUZ4ZPJJIMD3CMVU3IEYAQGAKYVXWUJX/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "cvss3": {}, "published": "2013-01-23T01:53:38", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-7.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3464", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:53:38", "id": "FEDORA:A94FC21782", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MEIAAY3B65VZK2OMFV4UO5QYSMXIAGGJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework. ", "cvss3": {}, "published": "2013-02-21T05:38:11", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-0156", "CVE-2013-0276"], "modified": "2013-02-21T05:38:11", "id": "FEDORA:6035420AD7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/U3VEFZLUEKJ6QCZ2OWLVCDEAQEE7U75H/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2013-03-30T21:27:21", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: rubygem-actionpack-3.2.8-3.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-1855", "CVE-2013-1857"], "modified": "2013-03-30T21:27:21", "id": "FEDORA:3598220B7B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7LUMHFDGRAZC2DWTOE5B2BXTR2M7G7FH/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. 
", "cvss3": {}, "published": "2013-03-30T21:32:07", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: rubygem-activerecord-3.2.8-5.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6496", "CVE-2013-0155", "CVE-2013-1854"], "modified": "2013-03-30T21:32:07", "id": "FEDORA:6247120D06", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PIW6LQEMOEWN2PNT4MF7XDJYEEBN5VTE/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2012-06-15T00:29:09", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-6.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4319", "CVE-2012-1098", "CVE-2012-1099", "CVE-2012-2660"], "modified": "2012-06-15T00:29:09", "id": "FEDORA:1946120C02", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BEM57EL4ADZIMINYCH6X4XL4GNSSVJIG/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2012-06-15T12:33:31", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-8.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2197", "CVE-2011-4319", "CVE-2012-1099", "CVE-2012-2660"], "modified": "2012-06-15T12:33:31", "id": "FEDORA:B5E2821466", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I2QAPX5OAIZ25J66TQQPQ5HOHZQOUZXM/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "cvss3": {}, "published": "2013-01-23T01:34:00", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-5.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1098", "CVE-2012-3464", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:34:00", "id": "FEDORA:30B5421034", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MEWBF4DBRXEBIJYF6I6FG6PEIRRZIJBJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. ", "cvss3": {}, "published": "2013-01-23T01:34:00", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activerecord-3.0.10-5.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2661", "CVE-2012-2695", "CVE-2012-6496", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:34:00", "id": "FEDORA:20AB92101C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S7WKSBGBHX6IOIFYTQX3WOUT42GLJICF/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. 
", "cvss3": {}, "published": "2013-01-23T01:53:38", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-5.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2661", "CVE-2012-2695", "CVE-2012-6496", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2013-01-23T01:53:38", "id": "FEDORA:97F30216D6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SQQAEVPKF4YXT5F3WAVAKQ5PVPHSYRLJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. 
", "cvss3": {}, "published": "2013-02-21T05:33:12", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-6.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2661", "CVE-2012-2695", "CVE-2012-6496", "CVE-2013-0155", "CVE-2013-0277"], "modified": "2013-02-21T05:33:12", "id": "FEDORA:A683320E82", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UXFJ5QSZZ6Z2ALAKSSVAZQ2S63VTN3SP/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {}, "published": "2014-03-07T06:36:05", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-2.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155", "CVE-2013-4491", "CVE-2013-6414", "CVE-2013-6415", "CVE-2013-6416", "CVE-2013-6417"], "modified": "2014-03-07T06:36:05", "id": "FEDORA:B167C2162A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XDQ3QTYUXAXOW3OF2WMIKSEPIYNTTXPS/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2018-01-06T13:07:40", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-9606", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:864525", "href": "http://plugins.openvas.org/nasl.php?oid=864525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-9606\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 17\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083133.html\");\n script_id(864525);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:24:39 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2694\", \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-9606\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-9606\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~5.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-9606", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864525", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-9606\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083133.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864525\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:24:39 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2694\", \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-9606\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-9606\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~5.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-03T10:57:44", "description": "Check for the Version of rubygem-actionpack/activerecord-2_3", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "SuSE Update for rubygem-actionpack/activerecord-2_3 openSUSE-SU-2012:0978-1 (rubygem-actionpack/activerecord-2_3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2012-2660", "CVE-2012-2694"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:850307", "href": "http://plugins.openvas.org/nasl.php?oid=850307", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0978_1.nasl 8273 2018-01-03 06:29:19Z teissa $\n#\n# SuSE Update for rubygem-actionpack/activerecord-2_3 openSUSE-SU-2012:0978-1 (rubygem-actionpack/activerecord-2_3)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"3 Security issues were fixed in rails 2.3 core components.\n\n 2 NULL query issues where fixed in the actionpack gem. 1\n SQL injection was fixed in the activerecord gem.\";\n\ntag_affected = \"rubygem-actionpack/activerecord-2_3 on openSUSE 12.1, openSUSE 11.4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850307);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:42 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2694\", \"CVE-2012-2695\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0978_1\");\n script_name(\"SuSE Update for rubygem-actionpack/activerecord-2_3 openSUSE-SU-2012:0978-1 (rubygem-actionpack/activerecord-2_3)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack/activerecord-2_3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3\", rpm:\"rubygem-actionpack-2_3~2.3.14~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-doc\", rpm:\"rubygem-actionpack-2_3-doc~2.3.14~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-testsuite\", rpm:\"rubygem-actionpack-2_3-testsuite~2.3.14~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3\", rpm:\"rubygem-activerecord-2_3~2.3.14~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-doc\", rpm:\"rubygem-activerecord-2_3-doc~2.3.14~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ubygem-activerecord-2_3-testsuite\", rpm:\"ubygem-activerecord-2_3-testsuite~2.3.14~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3\", rpm:\"rubygem-actionpack-2_3~2.3.14~3.8.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-doc\", rpm:\"rubygem-actionpack-2_3-doc~2.3.14~3.8.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-testsuite\", 
rpm:\"rubygem-actionpack-2_3-testsuite~2.3.14~3.8.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3\", rpm:\"rubygem-activerecord-2_3~2.3.14~3.8.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-doc\", rpm:\"rubygem-activerecord-2_3-doc~2.3.14~3.8.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-testsuite\", rpm:\"rubygem-activerecord-2_3-testsuite~2.3.14~3.8.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:23", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11363", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3424", "CVE-2012-2660", "CVE-2012-2694"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:864618", "href": "http://plugins.openvas.org/nasl.php?oid=864618", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11363\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 17\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084827.html\");\n script_id(864618);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:38:04 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-11363\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11363\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" 
, value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-01-31T18:41:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for rubygem-actionpack/activerecord-2_3 (openSUSE-SU-2012:0978-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2012-2660", "CVE-2012-2694"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850307", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850307", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850307\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:42 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2694\", \"CVE-2012-2695\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0978-1\");\n script_name(\"openSUSE: Security Advisory for rubygem-actionpack/activerecord-2_3 (openSUSE-SU-2012:0978-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack/activerecord-2_3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE12\\.1)\");\n\n script_tag(name:\"affected\", value:\"rubygem-actionpack/activerecord-2_3 on openSUSE 12.1, openSUSE 11.4\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"3 Security issues were fixed in rails 2.3 core components.\n\n 2 NULL query issues where fixed in the actionpack gem. 
1\n SQL injection was fixed in the activerecord gem.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3\", rpm:\"rubygem-actionpack-2_3~2.3.14~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-doc\", rpm:\"rubygem-actionpack-2_3-doc~2.3.14~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-testsuite\", rpm:\"rubygem-actionpack-2_3-testsuite~2.3.14~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3\", rpm:\"rubygem-activerecord-2_3~2.3.14~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-doc\", rpm:\"rubygem-activerecord-2_3-doc~2.3.14~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ubygem-activerecord-2_3-testsuite\", rpm:\"ubygem-activerecord-2_3-testsuite~2.3.14~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3\", rpm:\"rubygem-actionpack-2_3~2.3.14~3.8.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-doc\", rpm:\"rubygem-actionpack-2_3-doc~2.3.14~3.8.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"rubygem-actionpack-2_3-testsuite\", rpm:\"rubygem-actionpack-2_3-testsuite~2.3.14~3.8.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3\", rpm:\"rubygem-activerecord-2_3~2.3.14~3.8.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-doc\", rpm:\"rubygem-activerecord-2_3-doc~2.3.14~3.8.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-testsuite\", rpm:\"rubygem-activerecord-2_3-testsuite~2.3.14~3.8.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11363", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3424", "CVE-2012-2660", "CVE-2012-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864618", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11363\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084827.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864618\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:38:04 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-11363\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11363\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-02T21:10:51", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "FreeBSD Ports: rubygem-activemodel", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694"], "modified": "2017-04-24T00:00:00", "id": "OPENVAS:71520", "href": "http://plugins.openvas.org/nasl.php?oid=71520", "sourceData": "#\n#VID 748aa89f-d529-11e1-82ab-001fd0af1a4c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 748aa89f-d529-11e1-82ab-001fd0af1a4c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: rubygem-activemodel\n\nCVE-2012-2660\nactionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before\n3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly\nconsider differences in parameter handling between the Active Record\ncomponent and the Rack interface, which allows remote attackers to\nbypass intended database-query restrictions and perform NULL checks\nvia a crafted request, as demonstrated by certain '[nil]' values, a\nrelated issue to CVE-2012-2694.\nCVE-2012-2661\nThe Active Record component in Ruby on Rails 3.0.x before 3.0.13,\n3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement\nthe passing of request data to a where method in an ActiveRecord\nclass, which allows remote attackers to conduct certain SQL injection\nattacks via nested query parameters that leverage unintended\nrecursion, a related issue to CVE-2012-2695.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/8SA-M3as7A8\nhttps://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/dUaiOOGWL1k\nhttp://www.vuxml.org/freebsd/748aa89f-d529-11e1-82ab-001fd0af1a4c.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71520);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2661\");\n script_version(\"$Revision: 6018 $\");\n 
script_tag(name:\"last_modification\", value:\"$Date: 2017-04-24 11:02:24 +0200 (Mon, 24 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:17 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"FreeBSD Ports: rubygem-activemodel\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"rubygem-activemodel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.2.4\")<0) {\n txt += \"Package rubygem-activemodel version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:36", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "FreeBSD Ports: rubygem-activemodel", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071520", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071520", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_rubygem-activemodel.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 748aa89f-d529-11e1-82ab-001fd0af1a4c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71520\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-2661\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:17 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"FreeBSD Ports: rubygem-activemodel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: rubygem-activemodel\n\nCVE-2012-2660\nactionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before\n3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly\nconsider differences in parameter handling between the Active Record\ncomponent and the Rack interface, which allows remote attackers to\nbypass intended database-query restrictions and perform NULL checks\nvia a crafted request, as demonstrated by certain '[nil]' values, a\nrelated issue to CVE-2012-2694.\nCVE-2012-2661\nThe Active Record component in Ruby on Rails 3.0.x before 3.0.13,\n3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement\nthe passing of request data to a where method in an ActiveRecord\nclass, which allows remote attackers to conduct certain SQL injection\nattacks via nested query parameters that leverage unintended\nrecursion, a related issue to CVE-2012-2695.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/8SA-M3as7A8\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/dUaiOOGWL1k\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/748aa89f-d529-11e1-82ab-001fd0af1a4c.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln 
= FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"rubygem-activemodel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.2.4\")<0) {\n txt += \"Package rubygem-activemodel version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-26T11:10:20", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-0635", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-3424", "CVE-2013-0156", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2018-01-26T00:00:00", "id": "OPENVAS:865220", "href": "http://plugins.openvas.org/nasl.php?oid=865220", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-0635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-actionpack on Fedora 17\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097314.html\");\n script_id(865220);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:23:17 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3463\", \"CVE-2012-3464\",\n \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0635\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-0635\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~8.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-0635", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-3424", "CVE-2013-0156", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865220", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865220", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-0635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR 
A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097314.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865220\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:23:17 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3463\", \"CVE-2012-3464\",\n \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0635\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-0635\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~8.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2016-f58d7ecc8a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809159", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809159", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2016-f58d7ecc8a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809159\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:58:40 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2016-f58d7ecc8a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-f58d7ecc8a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD7IJG75DQXRE7HO34KYAZO53RAZGCOP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~4.2.3~3.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2016-f58d7ecc8a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809161", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2016-f58d7ecc8a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809161\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:58:42 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2016-f58d7ecc8a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-f58d7ecc8a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GETU77G46UPFRZ6VRFIYLMBSLTHSBNU2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~4.2.3~6.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2016-b4919ffe56", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809163", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809163", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2016-b4919ffe56\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809163\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:58:39 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2016-b4919ffe56\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b4919ffe56\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIKYQUVSGMREVPYLGJJT4HP353LWQ6AO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~4.2.5.2~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2016-b4919ffe56", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809167", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2016-b4919ffe56\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809167\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:58:34 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2016-b4919ffe56\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b4919ffe56\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJQ6L3R7RUEIDHUMRST4MEHLX46OEGYA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~4.2.5.2~3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-21T21:54:27", "description": "This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.", "cvss3": {}, "published": "2016-10-13T00:00:00", "type": "openvas", "title": "Ruby on Rails Active Record SQL Injection Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310807378", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807378", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807378\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-6317\");\n script_bugtraq_id(92434);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:38 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the way Active Record\n interprets parameters in combination with the way that JSON parameters are\n parsed, it is possible for an attacker to issue unexpected database queries\n with 'IS NULL' or empty where clauses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to bypass intended database-query restrictions and perform NULL checks\n or trigger missing WHERE clauses via a crafted request, as demonstrated by\n certain '[nil]' values.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 4.2.x before 4.2.7.1 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 4.2.7.1 
or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/08/11/4\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\");\n script_xref(name:\"URL\", value:\"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_in_range( version: version, test_version: \"4.2.0\", test_version2: \"4.2.7.0\" ) )\n{\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.2.7.1\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-21T21:55:57", "description": "This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.", "cvss3": {}, "published": "2016-10-13T00:00:00", "type": "openvas", "title": "Ruby on Rails Active Record SQL Injection Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310807377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807377", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Ruby on Rails Active Record SQL Injection Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807377\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-6317\");\n script_bugtraq_id(92434);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:34 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Ruby on Rails Active Record SQL Injection Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the way Active Record\n interprets 
parameters in combination with the way that JSON parameters are\n parsed, it is possible for an attacker to issue unexpected database queries\n with 'IS NULL' or empty where clauses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to bypass intended database-query restrictions and perform NULL checks\n or trigger missing WHERE clauses via a crafted request, as demonstrated by\n certain '[nil]' values.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 4.2.x before 4.2.7.1 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 4.2.7.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/08/11/4\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\");\n script_xref(name:\"URL\", value:\"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_in_range( version: version, test_version: \"4.2.0\", test_version2: \"4.2.7.0\" ) )\n{\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.2.7.1\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-03T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-9636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864521", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-9636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083135.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864521\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-03 10:24:17 +0530 (Tue, 03 Jul 2012)\");\n script_cve_id(\"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\",\n \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-9636\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-9636\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-02T10:58:21", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-07-03T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-9636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:864521", "href": "http://plugins.openvas.org/nasl.php?oid=864521", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-9636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083135.html\");\n script_id(864521);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-03 10:24:17 +0530 (Tue, 03 Jul 2012)\");\n script_cve_id(\"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\",\n \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-9636\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-9636\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-02-05T11:11:29", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-4199", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-3424", "CVE-2013-1855", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2013-0155", "CVE-2013-1857"], "modified": "2018-02-03T00:00:00", "id": "OPENVAS:865515", "href": "http://plugins.openvas.org/nasl.php?oid=865515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-4199\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-actionpack on Fedora 17\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101113.html\");\n script_id(865515);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:25:29 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-1855\", \"CVE-2013-1857\", \"CVE-2013-0155\", \"CVE-2012-3463\",\n \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\",\n \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-4199\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-4199\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value 
: tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~9.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-4199", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-3424", "CVE-2013-1855", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2013-0155", "CVE-2013-1857"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-4199\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101113.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865515\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:25:29 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-1855\", \"CVE-2013-1857\", \"CVE-2013-0155\", \"CVE-2012-3463\",\n \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\",\n \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2013-4199\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-4199\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~9.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-11T11:07:23", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8868", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2660"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:864447", "href": "http://plugins.openvas.org/nasl.php?oid=864447", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8868\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 17\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082217.html\");\n script_id(864447);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:44:22 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-8868\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8868\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~4.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8868", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2660"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864447", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864447", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8868\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082217.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864447\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:44:22 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-8868\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8868\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~4.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-02T10:56:31", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11353", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-3424", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:864619", "href": "http://plugins.openvas.org/nasl.php?oid=864619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11353\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084854.html\");\n script_id(864619);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:38:12 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-11353\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11353\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~8.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11353", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2012-3424", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11353\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084854.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864619\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:38:12 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-11353\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11353\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~8.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-11T11:07:30", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11885", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-3424", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864638", "href": "http://plugins.openvas.org/nasl.php?oid=864638", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 17\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085485.html\");\n script_id(864638);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:53:52 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-3463\", \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-3424\",\n \"CVE-2012-2694\", \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-11885\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~7.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11885", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-3424", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864638", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085485.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864638\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:53:52 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-3463\", \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-3424\",\n \"CVE-2012-2694\", \"CVE-2012-2660\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-11885\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11885\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~7.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-24T12:51:34", "description": "An interpretation conflict can cause the Active Record component of\nRails, a web framework for the Ruby programming language, to truncate\nqueries in unexpected ways. This may allow attackers to elevate their\nprivileges.", "cvss3": {}, "published": "2013-01-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2609-1 (rails - SQL query manipulation)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0155"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:892609", "href": "http://plugins.openvas.org/nasl.php?oid=892609", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2609.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2609-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rails on Debian Linux\";\ntag_insight = \"Rails is a full-stack, open-source web framework in Ruby for writing\nreal-world applications.\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze5.\n\nWe recommend that you upgrade your rails packages.\";\ntag_summary = \"An interpretation conflict can cause the Active Record component of\nRails, a web framework for the Ruby programming language, to truncate\nqueries in unexpected ways. This may allow attackers to elevate their\nprivileges.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892609);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-0155\");\n script_name(\"Debian Security Advisory DSA 2609-1 (rails - SQL query manipulation)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-16 00:00:00 +0100 (Wed, 16 Jan 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.4\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2609.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n 
script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze5\", 
rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:37:59", "description": "An interpretation conflict can cause the Active Record component of\nRails, a web framework for the Ruby programming language, to truncate\nqueries in unexpected ways. This may allow attackers to elevate their\nprivileges.", "cvss3": {}, "published": "2013-01-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2609-1 (rails - SQL query manipulation)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0155"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310892609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892609", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2609.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2609-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892609\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-0155\");\n script_name(\"Debian Security Advisory DSA 2609-1 (rails - SQL query manipulation)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-16 00:00:00 +0100 (Wed, 16 Jan 2013)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2609.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_tag(name:\"affected\", value:\"rails on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze5.\n\nWe recommend that you upgrade your rails packages.\");\n script_tag(name:\"summary\", value:\"An interpretation conflict can cause the Active Record component of\nRails, a web framework for the Ruby programming language, to truncate\nqueries in unexpected ways. 
This may allow attackers to elevate their\nprivileges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", 
ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-25T10:52:00", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-1099", "CVE-2012-3424", "CVE-2013-0156", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2013-0155", "CVE-2012-1098"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865236", "href": "http://plugins.openvas.org/nasl.php?oid=865236", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097246.html\");\n script_id(865236);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:34 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3463\", \"CVE-2012-3464\",\n \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\",\n \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0686\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-0686\");\n\n script_summary(\"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : 
\"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~10.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-1099", "CVE-2012-3424", "CVE-2013-0156", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2013-0155", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865236", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865236", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097246.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865236\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:34 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3463\", \"CVE-2012-3464\",\n \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\",\n \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0686\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-0686\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~10.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activejob FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activejob FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872008\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:24:00 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activejob FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activejob'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activejob on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R67FRLEDPZRRVMJS3A5LA6YIM5UQO4GY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activejob\", rpm:\"rubygem-activejob~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871965", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871965", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871965\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:21:49 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRQYAVBWV4UNQ5XC3LB5L44OYTI3JZ3W\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872038", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872038\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:19 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activemodel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activemodel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNY6ZLXQZ4GJM4L5Z2JD42S4WMYF75U5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872047", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872047\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:34 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VQDB7AQ3WT2TSLDMYPYKXIMBJ7KYSJ6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actioncable FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872011", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actioncable FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872011\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:24:06 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actioncable FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actioncable'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actioncable on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOQL7IU7SB6QJRWGKCHRPZQUOIURV63S\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actioncable\", rpm:\"rubygem-actioncable~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872094", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872094", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872094\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:27:14 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SB36DN7LSLP2GHE4LNAQGWXRMHZEU5F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~5.0.0.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-railties FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871937", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871937", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-railties FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871937\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:20:47 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-railties FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-railties'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-railties on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWPXPNMF2BDDQ7AGYMPNOYVDE3BN3RFG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-railties\", rpm:\"rubygem-railties~5.0.0.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionview FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionview FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871981\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:22:25 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionview FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionview'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionview on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INSRTFAYYUM2XLIWRMW2ZQBU6VNPXG6B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionview\", rpm:\"rubygem-actionview~5.0.0.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872056\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:50 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionmailer'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionmailer on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVDJLLIW67K6FGDQKQEY6EGTKQ7KXRQU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-rails FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871890", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-rails FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871890\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:19:40 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-rails FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-rails'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-rails on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAMEZEEF5UHZPV5IDQY4ZP5VLSRSFHY5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-rails\", rpm:\"rubygem-rails~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-24T11:10:12", "description": "Check for the Version of rubygem-activemodel", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2013-0155"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:865224", "href": "http://plugins.openvas.org/nasl.php?oid=865224", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activemodel on Fedora 16\";\ntag_insight = \"Rich support for attributes, callbacks, validations, observers,\n serialization, internationalization, and testing. It provides a known\n set of interfaces for usage in model classes. It also helps building\n custom ORMs for use outside of the Rails framework.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097245.html\");\n script_id(865224);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:24:28 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0686\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2013-0686\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activemodel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~3.0.10~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-05T11:10:21", "description": "Check for the Version of rubygem-activesupport", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-0568", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2013-0155"], "modified": "2018-02-03T00:00:00", "id": "OPENVAS:865182", "href": "http://plugins.openvas.org/nasl.php?oid=865182", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-0568\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activesupport on Fedora 18\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097214.html\");\n script_id(865182);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:34:49 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0568\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-0568\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.2.8~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:52:01", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-0568", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2013-0155"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865148", "href": "http://plugins.openvas.org/nasl.php?oid=865148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-0568\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-actionpack on Fedora 18\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097213.html\");\n script_id(865148);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:32:38 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0568\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-0568\");\n\n script_summary(\"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.2.8~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-06T13:10:43", "description": "Check for the Version of rubygem-activemodel", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2013-0635", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2013-0155"], "modified": "2018-02-05T00:00:00", "id": "OPENVAS:865226", "href": "http://plugins.openvas.org/nasl.php?oid=865226", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2013-0635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activemodel on Fedora 17\";\ntag_insight = \"Rich support for attributes, callbacks, validations, observers,\n serialization, internationalization, and testing. It provides a known\n set of interfaces for usage in model classes. It also helps building\n custom ORMs for use outside of the Rails framework.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097312.html\");\n script_id(865226);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:24:34 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0635\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2013-0635\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activemodel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~3.0.11~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865224", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097245.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865224\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:24:28 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0686\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2013-0686\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activemodel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-activemodel on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~3.0.10~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2013-0635", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865226", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2013-0635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097312.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865226\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:24:34 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0635\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2013-0635\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activemodel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-activemodel on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~3.0.11~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-0568", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-0568\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097213.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865148\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:32:38 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0568\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-0568\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.2.8~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-0568", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865182", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865182", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-0568\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097214.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865182\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:34:49 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0568\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-0568\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.2.8~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11870", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-1099", "CVE-2012-3424", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864635", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11870\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085415.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864635\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:53:13 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2012-3463\", \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-11870\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11870\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-11T11:07:39", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-11870", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3463", "CVE-2012-3465", "CVE-2012-1099", "CVE-2012-3424", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-3464", "CVE-2012-2694", "CVE-2012-1098"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864635", "href": "http://plugins.openvas.org/nasl.php?oid=864635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-11870\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085415.html\");\n script_id(864635);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:53:13 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2012-3463\", \"CVE-2012-3464\", \"CVE-2012-3465\", \"CVE-2012-3424\", \"CVE-2012-2694\", \"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-11870\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-11870\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : 
tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-02-05T11:10:49", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-4214", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1855", "CVE-2013-0155", "CVE-2013-1857"], "modified": "2018-02-03T00:00:00", "id": "OPENVAS:865512", "href": "http://plugins.openvas.org/nasl.php?oid=865512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-4214\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-actionpack on Fedora 18\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101109.html\");\n script_id(865512);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:24:21 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-1855\", \"CVE-2013-1857\", \"CVE-2013-0155\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-4214\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-4214\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.2.8~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-22T13:10:17", "description": "Check for the Version of rubygem-activerecord", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-0568", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-6496", "CVE-2013-0155"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:865112", "href": "http://plugins.openvas.org/nasl.php?oid=865112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-0568\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activerecord on Fedora 18\";\ntag_insight = \"Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database\n tables and classes together for business objects, like Customer or\n Subscription, that can find, save, and destroy themselves without resorting to\n manual SQL.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097212.html\");\n script_id(865112);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:29:31 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-6496\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0568\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-0568\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activerecord\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.2.8~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:10:04", "description": "Check for the Version of rubygem-activesupport", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-0635", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-3464", "CVE-2013-0155"], "modified": "2018-01-25T00:00:00", "id": "OPENVAS:865230", "href": "http://plugins.openvas.org/nasl.php?oid=865230", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-0635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activesupport on Fedora 17\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097313.html\");\n script_id(865230);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:24:52 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3464\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0635\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-0635\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.11~7.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:52:08", "description": "Check for the Version of rubygem-activerecord", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-4139", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1854", "CVE-2012-6496", "CVE-2013-0155"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865508", "href": "http://plugins.openvas.org/nasl.php?oid=865508", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-4139\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activerecord on Fedora 18\";\ntag_insight = \"Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database\n tables and classes together for business objects, like Customer or\n Subscription, that can find, save, and destroy themselves without resorting to\n manual SQL.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101167.html\");\n script_id(865508);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:22:27 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-1854\", \"CVE-2013-0155\", \"CVE-2012-6496\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-4139\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-4139\");\n\n script_summary(\"Check for the Version of rubygem-activerecord\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : 
\"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.2.8~5.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:51:37", "description": "Check for the Version of rubygem-activemodel", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2013-2391", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0276", "CVE-2013-0156", "CVE-2013-0155"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865378", "href": "http://plugins.openvas.org/nasl.php?oid=865378", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2013-2391\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activemodel on Fedora 17\";\ntag_insight = \"Rich support for attributes, callbacks, validations, observers,\n serialization, internationalization, and testing. It provides a known\n set of interfaces for usage in model classes. It also helps building\n custom ORMs for use outside of the Rails framework.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099036.html\");\n script_id(865378);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 09:59:54 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2013-0276\", \"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-2391\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2013-2391\");\n\n script_summary(\"Check for the Version of rubygem-activemodel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~3.0.11~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-0568", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-6496", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-0568\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097212.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865112\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:29:31 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-6496\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0568\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-0568\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.2.8~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-0635", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-3464", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865230", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-0635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097313.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865230\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:24:52 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3464\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0635\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-0635\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.11~7.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-4214", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1855", "CVE-2013-0155", "CVE-2013-1857"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865512", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-4214\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101109.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865512\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:24:21 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-1855\", \"CVE-2013-1857\", \"CVE-2013-0155\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2013-4214\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-4214\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres 
= \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.2.8~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2013-2391", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0276", "CVE-2013-0156", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865378", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865378", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2013-2391\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099036.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865378\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 09:59:54 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2013-0276\", \"CVE-2013-0155\", \"CVE-2013-0156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-2391\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2013-2391\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activemodel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-activemodel on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~3.0.11~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-4139", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1854", "CVE-2012-6496", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865508", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865508", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-4139\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101167.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865508\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:22:27 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-1854\", \"CVE-2013-0155\", \"CVE-2012-6496\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-4139\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-4139\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.2.8~5.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:06:21", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-06-15T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8883", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-1098"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:864444", "href": "http://plugins.openvas.org/nasl.php?oid=864444", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8883\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082226.html\");\n script_id(864444);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-15 09:44:08 +0530 (Fri, 15 Jun 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-8883\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8883\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : 
\"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-08T12:56:41", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2012-06-19T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8912", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2011-2197", "CVE-2012-2660"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:864461", "href": "http://plugins.openvas.org/nasl.php?oid=864461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8912\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 15\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082316.html\");\n script_id(864461);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:37:33 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-1099\", \"CVE-2011-4319\", \"CVE-2011-2197\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-8912\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8912\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : 
\"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.5~8.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-19T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8912", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2011-2197", "CVE-2012-2660"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8912\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082316.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864461\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:37:33 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-1099\", \"CVE-2011-4319\", \"CVE-2011-2197\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-8912\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8912\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.5~8.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-15T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-8883", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1099", "CVE-2011-4319", "CVE-2012-2660", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864444", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864444", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-8883\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082226.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864444\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-15 09:44:08 +0530 (Fri, 15 Jun 2012)\");\n script_cve_id(\"CVE-2012-2660\", \"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-8883\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-8883\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-22T13:10:25", "description": "Check for the Version of rubygem-activesupport", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-3464", "CVE-2013-0155", "CVE-2012-1098"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:865237", "href": "http://plugins.openvas.org/nasl.php?oid=865237", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activesupport on Fedora 16\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097244.html\");\n script_id(865237);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:26:00 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3464\", \"CVE-2012-1098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0686\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-0686\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~5.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0156", "CVE-2012-3464", "CVE-2013-0155", "CVE-2012-1098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865237", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865237", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097244.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865237\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:26:00 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-3464\", \"CVE-2012-1098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0686\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2013-0686\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~5.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-02-06T13:10:09", "description": "Check for the Version of ruby", "cvss3": {}, "published": "2013-03-11T00:00:00", "type": "openvas", "title": "SuSE Update for ruby openSUSE-SU-2013:0280-1 (ruby)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2013-0155", "CVE-2013-0333", "CVE-2012-5664"], "modified": "2018-02-05T00:00:00", "id": "OPENVAS:850400", "href": "http://plugins.openvas.org/nasl.php?oid=850400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_0280_1.nasl 8672 2018-02-05 16:39:18Z teissa $\n#\n# SuSE Update for ruby openSUSE-SU-2013:0280-1 (ruby)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update updates the RubyOnRails 2.3 stack to 2.3.16.\n\n Security and bugfixes were done, foremost: CVE-2013-0333: A\n JSON sql/code injection problem was fixed. CVE-2012-5664: A\n SQL Injection Vulnerability in Active Record was fixed.\n CVE-2012-2695: A SQL injection via nested hashes in\n conditions was fixed. CVE-2013-0155: Unsafe Query\n Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:\n Multiple vulnerabilities in parameter parsing in Action\n Pack were fixed. CVE-2012-5664: options hashes should only\n be extracted if there are extra parameters CVE-2012-2695:\n Fix SQL injection via nested hashes in conditions\n CVE-2013-0156: Hash.from_xml raises when it encounters\n type=\"symbol\" or type=\"yaml\". 
Use Hash.from_trusted_xml to\n parse this XM\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"ruby on openSUSE 11.4\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00005.html\");\n script_id(850400);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:34 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2012-2695\", \"CVE-2012-5664\", \"CVE-2013-0155\", \"CVE-2013-0156\",\n \"CVE-2013-0333\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:0280_1\");\n script_name(\"SuSE Update for ruby openSUSE-SU-2013:0280-1 (ruby)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3\", rpm:\"rubygem-actionmailer-2_3~2.3.16~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"rubygem-actionmailer-2_3-doc\", rpm:\"rubygem-actionmailer-2_3-doc~2.3.16~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3-testsuite\", rpm:\"rubygem-actionmailer-2_3-testsuite~2.3.16~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3\", rpm:\"rubygem-actionpack-2_3~2.3.16~0.23.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-doc\", rpm:\"rubygem-actionpack-2_3-doc~2.3.16~0.23.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-testsuite\", rpm:\"rubygem-actionpack-2_3-testsuite~2.3.16~0.23.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3\", rpm:\"rubygem-activerecord-2_3~2.3.16~0.19.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-doc\", rpm:\"rubygem-activerecord-2_3-doc~2.3.16~0.19.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-testsuite\", rpm:\"rubygem-activerecord-2_3-testsuite~2.3.16~0.19.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activeresource-2_3\", rpm:\"rubygem-activeresource-2_3~2.3.16~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activeresource-2_3-doc\", rpm:\"rubygem-activeresource-2_3-doc~2.3.16~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"rubygem-activeresource-2_3-testsuite\", rpm:\"rubygem-activeresource-2_3-testsuite~2.3.16~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport-2_3\", rpm:\"rubygem-activesupport-2_3~2.3.16~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport-2_3-doc\", rpm:\"rubygem-activesupport-2_3-doc~2.3.16~0.16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-rack\", rpm:\"rubygem-rack~1.1.5~0.8.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-rails-2_3\", rpm:\"rubygem-rails-2_3~2.3.16~0.12.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-rails-2_3-doc\", rpm:\"rubygem-rails-2_3-doc~2.3.16~0.12.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~2.3.16~0.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~2.3.16~0.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~2.3.16~0.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activeresource\", rpm:\"rubygem-activeresource~2.3.16~0.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~2.3.16~0.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"ubygem-rails\", rpm:\"ubygem-rails~2.3.16~0.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:10:09", "description": "Check for the Version of rubygem-activerecord", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-2351", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2012-6496", "CVE-2012-2661", "CVE-2013-0277", "CVE-2013-0155"], "modified": "2018-01-26T00:00:00", "id": "OPENVAS:865365", "href": "http://plugins.openvas.org/nasl.php?oid=865365", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-2351\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activerecord on Fedora 17\";\ntag_insight = \"Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database\n tables and classes together for business objects, like Customer or\n Subscription, that can find, save, and destroy themselves without resorting to\n manual SQL.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099026.html\");\n script_id(865365);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 09:58:32 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2013-0277\", \"CVE-2013-0155\", \"CVE-2012-6496\", \"CVE-2012-2695\", \"CVE-2012-2661\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2013-2351\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-2351\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activerecord\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.0.11~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:08:56", "description": "Check for the Version of rubygem-activerecord", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-0635", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2012-6496", "CVE-2012-2661", "CVE-2013-0155"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:865232", "href": "http://plugins.openvas.org/nasl.php?oid=865232", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-0635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rubygem-activerecord on Fedora 17\";\ntag_insight = \"Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database\n tables and classes together for business objects, like Customer or\n Subscription, that can find, save, and destroy themselves without resorting to\n manual SQL.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097311.html\");\n script_id(865232);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:01 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-6496\",\n \"CVE-2012-2695\", \"CVE-2012-2661\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0635\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-0635\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activerecord\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.0.11~5.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-05T11:10:37", "description": "Check for the Version of rubygem-activerecord", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2012-6496", "CVE-2012-2661", "CVE-2013-0155"], "modified": "2018-02-03T00:00:00", "id": "OPENVAS:865235", "href": "http://plugins.openvas.org/nasl.php?oid=865235", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_insight = \"Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database\n tables and classes together for business objects, like Customer or\n Subscription, that can find, save, and destroy themselves without resorting to\n manual SQL.\";\ntag_affected = \"rubygem-activerecord on Fedora 16\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097243.html\");\n script_id(865235);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:22 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-6496\",\n \"CVE-2012-2695\", \"CVE-2012-2661\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-0686\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-0686\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activerecord\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright 
(c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.0.10~5.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:09:43", "description": "Check for the Version of ruby", "cvss3": {}, "published": "2013-03-11T00:00:00", "type": "openvas", "title": "SuSE Update for ruby openSUSE-SU-2013:0278-1 (ruby)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2013-0155", "CVE-2013-0333", "CVE-2012-5664"], "modified": "2018-01-26T00:00:00", "id": "OPENVAS:850397", "href": "http://plugins.openvas.org/nasl.php?oid=850397", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_0278_1.nasl 8542 2018-01-26 06:57:28Z teissa $\n#\n# SuSE Update for ruby openSUSE-SU-2013:0278-1 (ruby)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update updates the RubyOnRails 2.3 stack to 2.3.16,\n also this update updates the RubyOnRails 3.2 stack to\n 3.2.11.\n\n Security and bugfixes were done, foremost: CVE-2013-0333: A\n JSON sql/code injection problem was fixed. CVE-2012-5664: A\n SQL Injection Vulnerability in Active Record was fixed.\n CVE-2012-2695: A SQL injection via nested hashes in\n conditions was fixed. CVE-2013-0155: Unsafe Query\n Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:\n Multiple vulnerabilities in parameter parsing in Action\n Pack were fixed.\";\n\n\ntag_affected = \"ruby on openSUSE 12.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00003.html\");\n script_id(850397);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:48 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2012-2695\", \"CVE-2012-5664\", \"CVE-2013-0155\", \"CVE-2013-0156\",\n \"CVE-2013-0333\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:0278_1\");\n script_name(\"SuSE Update for ruby openSUSE-SU-2013:0278-1 (ruby)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 
Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3\", rpm:\"rubygem-actionmailer-2_3~2.3.16~3.9.3\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3-doc\", rpm:\"rubygem-actionmailer-2_3-doc~2.3.16~3.9.3\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3-testsuite\", rpm:\"rubygem-actionmailer-2_3-testsuite~2.3.16~3.9.3\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3\", rpm:\"rubygem-actionpack-2_3~2.3.16~3.16.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-doc\", rpm:\"rubygem-actionpack-2_3-doc~2.3.16~3.16.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-testsuite\", rpm:\"rubygem-actionpack-2_3-testsuite~2.3.16~3.16.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3\", rpm:\"rubygem-activerecord-2_3~2.3.16~3.12.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-doc\", rpm:\"rubygem-activerecord-2_3-doc~2.3.16~3.12.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-testsuite\", rpm:\"rubygem-activerecord-2_3-testsuite~2.3.16~3.12.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activeresource-2_3\", rpm:\"rubygem-activeresource-2_3~2.3.16~3.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activeresource-2_3-doc\", rpm:\"rubygem-activeresource-2_3-doc~2.3.16~3.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activeresource-2_3-testsuite\", rpm:\"rubygem-activeresource-2_3-testsuite~2.3.16~3.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport-2_3\", rpm:\"rubygem-activesupport-2_3~2.3.16~3.13.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport-2_3-doc\", rpm:\"rubygem-activesupport-2_3-doc~2.3.16~3.13.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-rack-1_1\", rpm:\"rubygem-rack-1_1~1.1.5~3.5.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-rack-1_1-doc\", rpm:\"rubygem-rack-1_1-doc~1.1.5~3.5.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-rack-1_1-testsuite\", rpm:\"rubygem-rack-1_1-testsuite~1.1.5~3.5.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"rubygem-rails-2_3\", rpm:\"rubygem-rails-2_3~2.3.16~3.9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-rails-2_3-doc\", rpm:\"rubygem-rails-2_3-doc~2.3.16~3.9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~2.3.16~2.7.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~2.3.16~2.7.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~2.3.16~2.7.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activeresource\", rpm:\"rubygem-activeresource~2.3.16~2.7.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~2.3.16~2.7.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ubygem-rails\", rpm:\"ubygem-rails~2.3.16~2.7.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-2351", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2012-6496", "CVE-2012-2661", "CVE-2013-0277", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": 
"OPENVAS:1361412562310865365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865365", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-2351\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865365\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 09:58:32 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2013-0277\", \"CVE-2013-0155\", \"CVE-2012-6496\", \"CVE-2012-2695\", \"CVE-2012-2661\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2013-2351\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-2351\");\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.0.11~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:40:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-03-11T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ruby (openSUSE-SU-2013:0278-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2013-0155", "CVE-2013-0333", "CVE-2012-5664"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850397", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850397", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is 
free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2013-02/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.850397\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:48 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2012-2695\", \"CVE-2012-5664\", \"CVE-2013-0155\", \"CVE-2013-0156\",\n \"CVE-2013-0333\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:0278-1\");\n script_name(\"openSUSE: Security Advisory for ruby (openSUSE-SU-2013:0278-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.1\");\n\n script_tag(name:\"affected\", 
value:\"ruby on openSUSE 12.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"This update updates the RubyOnRails 2.3 stack to 2.3.16,\n also this update updates the RubyOnRails 3.2 stack to\n 3.2.11.\n\n Security and bugfixes were done, foremost: CVE-2013-0333: A\n JSON sql/code injection problem was fixed. CVE-2012-5664: A\n SQL Injection Vulnerability in Active Record was fixed.\n CVE-2012-2695: A SQL injection via nested hashes in\n conditions was fixed. CVE-2013-0155: Unsafe Query\n Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:\n Multiple vulnerabilities in parameter parsing in Action\n Pack were fixed.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3\", rpm:\"rubygem-actionmailer-2_3~2.3.16~3.9.3\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3-doc\", rpm:\"rubygem-actionmailer-2_3-doc~2.3.16~3.9.3\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3-testsuite\", rpm:\"rubygem-actionmailer-2_3-testsuite~2.3.16~3.9.3\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3\", rpm:\"rubygem-actionpack-2_3~2.3.16~3.16.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-doc\", rpm:\"rubygem-actionpack-2_3-doc~2.3.16~3.16.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"rubygem-actionpack-2_3-testsuite\", rpm:\"rubygem-actionpack-2_3-testsuite~2.3.16~3.16.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3\", rpm:\"rubygem-activerecord-2_3~2.3.16~3.12.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-doc\", rpm:\"rubygem-activerecord-2_3-doc~2.3.16~3.12.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-testsuite\", rpm:\"rubygem-activerecord-2_3-testsuite~2.3.16~3.12.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activeresource-2_3\", rpm:\"rubygem-activeresource-2_3~2.3.16~3.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activeresource-2_3-doc\", rpm:\"rubygem-activeresource-2_3-doc~2.3.16~3.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activeresource-2_3-testsuite\", rpm:\"rubygem-activeresource-2_3-testsuite~2.3.16~3.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activesupport-2_3\", rpm:\"rubygem-activesupport-2_3~2.3.16~3.13.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activesupport-2_3-doc\", rpm:\"rubygem-activesupport-2_3-doc~2.3.16~3.13.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rack-1_1\", rpm:\"rubygem-rack-1_1~1.1.5~3.5.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rack-1_1-doc\", rpm:\"rubygem-rack-1_1-doc~1.1.5~3.5.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rack-1_1-testsuite\", rpm:\"rubygem-rack-1_1-testsuite~1.1.5~3.5.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"rubygem-rails-2_3\", rpm:\"rubygem-rails-2_3~2.3.16~3.9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rails-2_3-doc\", rpm:\"rubygem-rails-2_3-doc~2.3.16~3.9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~2.3.16~2.7.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~2.3.16~2.7.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~2.3.16~2.7.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activeresource\", rpm:\"rubygem-activeresource~2.3.16~2.7.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~2.3.16~2.7.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ubygem-rails\", rpm:\"ubygem-rails~2.3.16~2.7.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-0635", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2012-6496", "CVE-2012-2661", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865232", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-0635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097311.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865232\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:01 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-6496\",\n \"CVE-2012-2695\", \"CVE-2012-2661\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0635\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-0635\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.0.11~5.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2013-0686", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2012-6496", "CVE-2012-2661", "CVE-2013-0155"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865235", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865235", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2013-0686\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097243.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865235\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:22 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2012-6496\",\n \"CVE-2012-2695\", \"CVE-2012-2661\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-0686\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2013-0686\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~3.0.10~5.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:40:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-03-11T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ruby (openSUSE-SU-2013:0280-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2013-0155", "CVE-2013-0333", "CVE-2012-5664"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850400", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850400\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:34 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2012-2695\", \"CVE-2012-5664\", \"CVE-2013-0155\", \"CVE-2013-0156\",\n \"CVE-2013-0333\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:0280-1\");\n script_name(\"openSUSE: Security Advisory for ruby (openSUSE-SU-2013:0280-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"ruby on openSUSE 11.4\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"This update updates the RubyOnRails 2.3 stack to 2.3.16.\n\n Security and bugfixes were done, foremost: CVE-2013-0333: A\n JSON sql/code injection 
problem was fixed. CVE-2012-5664: A\n SQL Injection Vulnerability in Active Record was fixed.\n CVE-2012-2695: A SQL injection via nested hashes in\n conditions was fixed. CVE-2013-0155: Unsafe Query\n Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:\n Multiple vulnerabilities in parameter parsing in Action\n Pack were fixed. CVE-2012-5664: options hashes should only\n be extracted if there are extra parameters CVE-2012-2695:\n Fix SQL injection via nested hashes in conditions\n CVE-2013-0156: Hash.from_xml raises when it encounters\n type='symbol' or type='yaml'. Use Hash.from_trusted_xml to\n parse this XM\");\n\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2013-02/msg00005.html\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3\", rpm:\"rubygem-actionmailer-2_3~2.3.16~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3-doc\", rpm:\"rubygem-actionmailer-2_3-doc~2.3.16~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionmailer-2_3-testsuite\", rpm:\"rubygem-actionmailer-2_3-testsuite~2.3.16~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3\", rpm:\"rubygem-actionpack-2_3~2.3.16~0.23.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-doc\", rpm:\"rubygem-actionpack-2_3-doc~2.3.16~0.23.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-2_3-testsuite\", rpm:\"rubygem-actionpack-2_3-testsuite~2.3.16~0.23.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"rubygem-activerecord-2_3\", rpm:\"rubygem-activerecord-2_3~2.3.16~0.19.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-doc\", rpm:\"rubygem-activerecord-2_3-doc~2.3.16~0.19.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord-2_3-testsuite\", rpm:\"rubygem-activerecord-2_3-testsuite~2.3.16~0.19.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activeresource-2_3\", rpm:\"rubygem-activeresource-2_3~2.3.16~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activeresource-2_3-doc\", rpm:\"rubygem-activeresource-2_3-doc~2.3.16~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activeresource-2_3-testsuite\", rpm:\"rubygem-activeresource-2_3-testsuite~2.3.16~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activesupport-2_3\", rpm:\"rubygem-activesupport-2_3~2.3.16~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activesupport-2_3-doc\", rpm:\"rubygem-activesupport-2_3-doc~2.3.16~0.16.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rack\", rpm:\"rubygem-rack~1.1.5~0.8.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rails-2_3\", rpm:\"rubygem-rails-2_3~2.3.16~0.12.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rails-2_3-doc\", rpm:\"rubygem-rails-2_3-doc~2.3.16~0.12.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~2.3.16~0.6.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack\", 
rpm:\"rubygem-actionpack~2.3.16~0.6.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~2.3.16~0.6.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activeresource\", rpm:\"rubygem-activeresource~2.3.16~0.6.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~2.3.16~0.6.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ubygem-rails\", rpm:\"ubygem-rails~2.3.16~0.6.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-23636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4491", "CVE-2013-6416", "CVE-2013-6417", "CVE-2013-6415", "CVE-2013-0155", "CVE-2013-6414"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867566", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-23636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867566\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:21:25 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-6417\", \"CVE-2013-0155\", \"CVE-2013-4491\", \"CVE-2013-6415\",\n \"CVE-2013-6414\", \"CVE-2013-6416\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-23636\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-23636\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129541.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~4.0.0~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-25T10:49:02", "description": "Check for the Version of rubygem-actionpack", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2013-23636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4491", "CVE-2013-6416", "CVE-2013-6417", "CVE-2013-6415", "CVE-2013-0155", "CVE-2013-6414"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867566", "href": "http://plugins.openvas.org/nasl.php?oid=867566", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2013-23636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867566);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:21:25 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-6417\", \"CVE-2013-0155\", \"CVE-2013-4491\", \"CVE-2013-6415\",\n \"CVE-2013-6414\", \"CVE-2013-6416\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2013-23636\");\n\n tag_insight = \"Eases web-request routing, handling, and response as a half-way front,\nhalf-way page controller. 
Implemented with specific emphasis on enabling easy\nunit/integration testing that doesn't require a browser.\n\";\n\n tag_affected = \"rubygem-actionpack on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23636\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129541.html\");\n script_summary(\"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~4.0.0~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:43:58", "description": "This update to rubygem-actionpack fixes two unsafe query\n generations with "IS NULL" in the WHERE clause.\n (CVE-2012-2660\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2660\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2660</a>\n > , CVE-2012-2694\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2694\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2694</a>\n > )\n", "cvss3": {}, "published": "2012-08-21T20:08:29", "type": "suse", "title": "Security update for rubygem-actionpack (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2660", "CVE-2012-2694"], "modified": "2012-08-21T20:08:29", "id": "SUSE-SU-2012:1015-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:31:56", "description": "3 Security issues were fixed in rails 2.3 core components.\n\n 2 NULL query issues where fixed in the actionpack gem. 1\n SQL injection was fixed in the activerecord gem.\n\n", "cvss3": {}, "published": "2012-08-09T18:08:34", "type": "suse", "title": "rubygem-actionpack/activerecord-2_3 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2012-2660", "CVE-2012-2694"], "modified": "2012-08-09T18:08:34", "id": "OPENSUSE-SU-2012:0978-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:17:56", "description": "This update to rubygem-activerecord fixes a SQL injection\n caused by mishandling nested parameters . 
( CVE-2012-2695\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2695> )\n", "cvss3": {}, "published": "2012-08-21T20:08:28", "type": "suse", "title": "Security update for rubygem-activerecord (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694"], "modified": "2012-08-21T20:08:28", "id": "SUSE-SU-2012:1014-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:45:49", "description": "This update to rubygem-actionpack fixes two unsafe query\n generations with \"IS NULL\" in the WHERE clause.\n (CVE-2012-2660\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2660> , CVE-2012-2694\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2694> )\n", "cvss3": {}, "published": "2012-08-21T19:08:38", "type": "suse", "title": "Security update for rubygem-actionpack (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694"], "modified": "2012-08-21T19:08:38", "id": "SUSE-SU-2012:1012-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:59:55", "description": "This update updates the RubyOnRails 2.3 stack to 2.3.16,\n also this update updates the RubyOnRails 3.2 stack to\n 3.2.11.\n\n Security and bugfixes were done, foremost: CVE-2013-0333: A\n JSON sql/code injection problem was fixed. 
CVE-2012-5664: A\n SQL Injection Vulnerability in Active Record was fixed.\n CVE-2012-2695: A SQL injection via nested hashes in\n conditions was fixed. CVE-2013-0155: Unsafe Query\n Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:\n Multiple vulnerabilities in parameter parsing in Action\n Pack were fixed.\n\n", "cvss3": {}, "published": "2013-02-12T10:10:39", "type": "suse", "title": "ruby on rails to 2.3.16 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2013-0155", "CVE-2013-0333", "CVE-2012-5664"], "modified": "2013-02-12T10:10:39", "id": "OPENSUSE-SU-2013:0278-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00003.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:47:49", "description": "This update updates the RubyOnRails 2.3 stack to 2.3.16.\n\n Security and bugfixes were done, foremost: CVE-2013-0333: A\n JSON sql/code injection problem was fixed. CVE-2012-5664: A\n SQL Injection Vulnerability in Active Record was fixed.\n CVE-2012-2695: A SQL injection via nested hashes in\n conditions was fixed. CVE-2013-0155: Unsafe Query\n Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:\n Multiple vulnerabilities in parameter parsing in Action\n Pack were fixed. CVE-2012-5664: options hashes should only\n be extracted if there are extra parameters CVE-2012-2695:\n Fix SQL injection via nested hashes in conditions\n CVE-2013-0156: Hash.from_xml raises when it encounters\n type="symbol" or type="yaml". 
Use Hash.from_trusted_xml to\n parse this XM\n\n", "cvss3": {}, "published": "2013-02-12T11:04:29", "type": "suse", "title": "ruby on rails to 2.3.16 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2695", "CVE-2013-0156", "CVE-2013-0155", "CVE-2013-0333", "CVE-2012-5664"], "modified": "2013-02-12T11:04:29", "id": "OPENSUSE-SU-2013:0280-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00005.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhatcve": [{"lastseen": "2021-11-09T01:51:26", "description": "A flaw was found in the way Active Record handled certain special values in dynamic finders and relations. If a Ruby on Rails application performed JSON parameter parsing, a remote attacker could possibly manipulate search conditions in SQL queries generated by the application.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-12T06:18:38", "type": "redhatcve", "title": "CVE-2016-6317", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6317"], "modified": "2021-11-08T23:52:14", "id": "RH:CVE-2016-6317", "href": 
"https://access.redhat.com/security/cve/cve-2016-6317", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ibm": [{"lastseen": "2023-02-20T21:34:59", "description": "## Question\n\nIs the Network IPS system affected by Ruby on Rails vulnerabilities?\n\n## Answer\n\nIBM Security Network Intrusion Prevention System is affected by multiple vulnerabilities reported in Ruby on Rails. These vulnerabilities include multiple SQL injection, code execution, and denial of service vulnerabilities that could be exploited remotely by an attacker with access to the Local Management Interface (LMI). \n \n**Vulnerability Details: ** \n \nThe following information was provided by Ruby on Rails. In the case of IBM Security Network Intrusion Prevention System, the Local Management Interface requires single platform authentication specific to the IPS system, notwithstanding the information in the CVSS vectors specified below. Further for each vulnerability identified below, the vulnerability is remotely exploitable and no specialized knowledge is required. \n \nCVE-2013-0155 identified on the affected version of Ruby on Rails has no impact on the Intrusion Prevention System. \n \n \n**CVE ID**: CVE-2012-2660 \n \n**DESCRIPTION: ** \n \nA remote attacker could send specially-crafted SQL statements using an unspecified parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: _ See_ <https://exchange.xforce.ibmcloud.com/vulnerabilities/76015>_ for the current score_ \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**CVE ID:** CVE-2012-2694 \n \n**DESCRIPTION:** A remote attacker could send specially-crafted SQL statements to Active Record used in conjunction with parameter parsing from Rack via Action Pack, which could allow the attacker to view, add, modify or delete information in the back-end database. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: _See_ <https://exchange.xforce.ibmcloud.com/vulnerabilities/76255> _for the current score_ \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**CVE ID:** CVE-2013-0156 \n \n**DESCRIPTION:** Ruby on Rails could allow a remote attacker to execute arbitrary code on the system, caused by multiple errors in the XML parameter parsing code. The XML processor decodes a request as a YAML document or as a Ruby Symbol allowing an attacker to inject SQL commands, inject and execute arbitrary code and cause a denial of service. This will allow the attacker to take full control of the system. \n \nCVSS Base Score: 9.3 \nCVSS Temporal Score: _See_ <https://exchange.xforce.ibmcloud.com/vulnerabilities/81119> _for the current score_ \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) \n \n \n**CVE ID:** CVE-2013-6496 \n \n**DESCRIPTION:** A remote attacker could send specially-crafted SQL statements to the Active Record component which could allow the attacker to view, add, modify or delete information in the back-end database. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: _See_ <https://exchange.xforce.ibmcloud.com/vulnerabilities/81004> _for the current score_ \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n \n \n**CVE ID: **CVE-2012-3424 \n \n**DESCRIPTION: **By sending specially-crafted data to the Action Pack digest authentication (authenticate_or_request_with_http_digest), an attacker could exploit this to cause the system to crash. 
\n \nCVSS Base Score: 5 \nCVSS Temporal Score: _See_ <https://exchange.xforce.ibmcloud.com/vulnerabilities/77240> _for the current score_ \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE ID: **CVE-2012-2695 \n \n**DESCRIPTION: **A remote attacker could send specially-crafted SQL statements to the Active Record interface using nested query parameters, which could allow the attacker to view, add, modify or delete information in the back-end database. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: _See_ [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/76260>)[_https://exchange.xforce.ibmcloud.com/vulnerabilities/76260_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/76260>) _for the current score_ \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**AFFECTED PRODUCTS AND VERSIONS: ** \n \n**Products: **GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000 \n**Firmware versions**: 4.1, 4.2, 4.3, 4.4, 4.5 \n \n**REMEDIATION: ** \n \nThese fixes are included in firmware 4.6 for the IPS. \nThe following IBM Threat Fixpacks have the fixes for these vulnerabilities. 
\n \n\u00b7 4.3.0.0-ISS-ProvG-AllModels-System-FP0001 for all IBM Security Network Intrusion Prevention System products at Firmware version 4.3 \n\u00b7 4.4.0.0-ISS-ProvG-AllModels-System-FP0002 for all IBM Security Network Intrusion Prevention System products at Firmware version 4.4 \n\u00b7 4.5.0.0-ISS-ProvG-AllModels-System-FP0002 for all IBM Security Network Intrusion Prevention System products at Firmware version 4.5 \n \nIBM Security Network Intrusion Prevention** **System users on Firmware 4.1 and 4.2 should upgrade to Firmware 4.3, with fixpack 4.3.0.0-ISS-ProvG-AllModels-System-FP0001, or Firmware 4.4, with fixpack 4.4.0.0-ISS-ProvG-AllModels-System-FP0002, or Firmware 4.5, with fixpack 4.5.0.0-ISS-ProvG-AllModels-System-FP0002, or later. \n \n \n**Contact IBM Security Systems Support (**[**_http://www.ibm.com/support/entry/portal/overview_**](<http://www.ibm.com/support/entry/portal/overview>)**) to upgrade to the above required Fixpacks.** \n \n**_Workaround(s):_** \nNone \n \n**_Mitigation(s):_** \nNone \n \n**REFERENCES: ** \n\u00b7 [__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)_ _ \n\u00b7 [__CVE-2012-2660__](<https://vulners.com/cve/CVE-2012-2660>) \n\u00b7 [__CVE-2012-6496__](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6496>) \n\u00b7 [__CVE-2012-2694__](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2694>) \n\u00b7 [__CVE-2013-0156__](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0156>) \n\u00b7 [_CVE-2012-0155_](<https://vulners.com/cve/CVE-2012-0155>) \n\u00b7 [_CVE-2012-3424_](<https://vulners.com/cve/CVE-2012-3424>) \n\u00b7 [_CVE-2012-2695_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2695>) \n \n \n**RELATED INFORMATION: ** \n[_IBM Secure Engineering Web Portal _](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>) \n[_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>) \n \n \n**ACKNOWLEDGEMENT** \nNone \n\n_*The CVSS 
Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _\n\n \n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._ \n\n\n[{\"Product\":{\"code\":\"SS9SBT\",\"label\":\"Proventia Network Intrusion Prevention System\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"4.1;4.2;4.3;4.4;4.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {}, "published": "2021-01-25T20:13:51", "type": "ibm", "title": "Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2012-0155", "CVE-2012-2660", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424", "CVE-2012-6496", "CVE-2013-0155", "CVE-2013-0156", "CVE-2013-6496"], "modified": "2021-01-25T20:13:51", "id": "45812683CEA60D9CC6817DBE36D23E729263EB6EDD74EEA214275620D34EDC74", "href": "https://www.ibm.com/support/pages/node/220435", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "silentrobots": [{"lastseen": "2021-07-28T14:34:11", "description": "[gumbler](<https://github.com/BuffaloWill/gumbler>) is a script I wrote to search through git commits. Examples from github are discussed below.\n\n# .gitignore\n\nA gitignore file is used to specify files that should not be tracked by git (source [gitignore](<http://git-scm.com/docs/gitignore>)). In the default case, gumbler will read the gitignore file for the project and search every revision for a case where a file from gitignore was committed. Possible use cases would be as a pen tester looking for reconnaissance data (e.g. developer usernames/passwords, staging hosts/services, etc.) or a developer to verify projects did not previously commit \u201csecret\u201d data.\n\nI am a big fan of what Netflix is doing with regards to open source and security. After looking through a number of their projects, I noticed Priam has a few commits with non-damaging files from the gitignore.\n \n \n $. git clone https://github.com/Netflix/Priam.git\n Cloning into 'Priam'...\n ....\n Checking connectivity... done.\n $. ruby gumbler/gumbler.rb Priam/ gumbler_testing/tmp/\n |-| Jumping to remote @directory Priam/\n |-| Storing every revision\n checking for *.com..\n checking for *.class..\n .....\n |+| Looking for .classpath, Found it in BRANCH : 697fd66aae9beed107e13f49a741455f1d9d8dd9 .classpath. 
Storing it in gumbler_testing/tmp/.\n |+| Looking for .classpath, Found it in BRANCH : 47bdb537789c034493e94d8977eae77ecbfd5b24 .classpath. Storing it in gumbler_testing/tmp/.\n |+| Looking for .classpath, Found it in BRANCH : 442862d4a8d4d18d0e176ded8795dd45a24528fc .classpath. Storing it in gumbler_testing/tmp/.\n ....\n checking for .project..\n |+| Looking for .project, Found it in BRANCH : 697fd66aae9beed107e13f49a741455f1d9d8dd9 .project. Storing it in gumbler_testing/tmp/.\n |+| Looking for .project, Found it in BRANCH : 0941d9e0e0dda3ee1d9d4dda757d59ffb641abcf .project. Storing it in gumbler_testing/tmp/.\n |+| Looking for .project, Found it in BRANCH : 47bdb537789c034493e94d8977eae77ecbfd5b24 .project. Storing it in gumbler_testing/tmp/.\n ....\n checking for .settings..\n ....\n\n.classpath or .project are not damaging in this case and, hence, are used as the example. On a pen test or in collaborative projects I have found much worse (cough usernames, passwords). This shouldn\u2019t be that surprising.\n\n# Searching Commit Logs\n\nAnother use case for gumbler is to look through commit history. Using Ruby on Rails as an example, we can search for any commit with \u201cCVE\u201d in it. Gumbler will output a diff from the files changed in the commit.\n\n $. ruby gumbler/gumbler.rb --grep CVE rails/ tmp/\n |!| skipping .gitignore, searching commit log for CVE\n $. 
ls tmp/\n 060c91cd59ab86583a8f2f52142960d3433f62f5-2012-05-30_15:13:03_-0700.diff 88cc1688d0cb828c17706b41a8bd27870f2a2beb-2013-01-08_12:11:18_-0800.diff\n 08d0a11a3f62718d601d39e617c834759cf59bbb-2014-02-18_15:38:50_-0300.diff 8be6913990c30f63618173da722148892348dcc9-2013-03-15_17:45:53_-0700.diff\n 0b58a7ff420d7ef4b643c521a62be7259dd2f5cb-2011-02-08_14:21:12_-0800.diff 8e577fe560d5756fcc67840ba304d79ada6804e4-2013-01-08_12:41:24_-0800.diff\n 0c7ac34aed1845044cd1911e5a775366d7ca41c1-2013-12-02_16:42:16_-0800.diff 9340f89849606dba02f44038171f3837f883fd4e-2012-05-30_15:09:13_-0700.diff\n 2392535f4085d88186097e3c23414e958fb1d16d-2013-03-18_10:17:32_-0700.diff 93fb4c1e62dc9605eecbfaffda2becc85890fa5f-2014-07-10_10:20:16_-0700.diff\n ...\n $. cat 060c91cd59ab86583a8f2f52142960d3433f62f5-2012-05-30_15\\:13\\:03_-0700.diff \n 060c91cd59ab86583a8f2f52142960d3433f62f5-2012-05-30 15:13:03 -0700==> 2012-05-30 15:13:03 -0700 Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! Strip [nil] from parameters hash.\n Thanks to Ben Murphy for reporting this!\n \n CVE-2012-2660\n \n \n :100644 100644 aa5ba3e... 6757a53... M actionpack/lib/action_dispatch/http/request.rb\n :100644 100644 c3f009a... 6ea66f9... M actionpack/test/dispatch/request/query_string_parsing_test.rb\n \n diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb\n index aa5ba3e..6757a53 100644\n --- a/actionpack/lib/action_dispatch/http/request.rb\n 
+++ b/actionpack/lib/action_dispatch/http/request.rb\n ....\n\nAs the README says, be careful using the tool as it uses Command Execution to search. A malicious git project could take advantage of this. Ping me with better ways to handle this.", "cvss3": {}, "published": "2014-10-06T04:00:00", "type": "silentrobots", "title": "Searching Through Git Commits", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660"], "modified": "2014-10-06T04:00:00", "id": "SILENTROBOTS:FC79DEE8B3729FE529F4CD29DD5773C6", "href": "https://www.silentrobots.com/blog/2014/10/06/gumbler/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-29T13:21:50", "description": "[gumbler](<https://github.com/BuffaloWill/gumbler>) is a script I wrote to search through git commits. Examples from github are discussed below.\n\n# .gitignore\n\nA gitignore file is used to specify files that should not be tracked by git (source [gitignore](<http://git-scm.com/docs/gitignore>)). In the default case, gumbler will read the gitignore file for the project and search every revision for a case where a file from gitignore was committed. Possible use cases would be as a pen tester looking for reconnaissance data (e.g. developer usernames/passwords, staging hosts/services, etc.) or a developer to verify projects did not previously commit \u201csecret\u201d data.\n\nI am a big fan of what Netflix is doing with regards to open source and security. 
After looking through a number of their projects, I noticed Priam has a few commits with non-damaging files from the gitignore.\n\n $. git clone https://github.com/Netflix/Priam.git\n Cloning into 'Priam'...\n ....\n Checking connectivity... done.\n $. ruby gumbler/gumbler.rb Priam/ gumbler_testing/tmp/\n |-| Jumping to remote @directory Priam/\n |-| Storing every revision\n checking for *.com..\n checking for *.class..\n .....\n |+| Looking for .classpath, Found it in BRANCH : 697fd66aae9beed107e13f49a741455f1d9d8dd9 .classpath. Storing it in gumbler_testing/tmp/.\n |+| Looking for .classpath, Found it in BRANCH : 47bdb537789c034493e94d8977eae77ecbfd5b24 .classpath. Storing it in gumbler_testing/tmp/.\n |+| Looking for .classpath, Found it in BRANCH : 442862d4a8d4d18d0e176ded8795dd45a24528fc .classpath. Storing it in gumbler_testing/tmp/.\n ....\n checking for .project..\n |+| Looking for .project, Found it in BRANCH : 697fd66aae9beed107e13f49a741455f1d9d8dd9 .project. Storing it in gumbler_testing/tmp/.\n |+| Looking for .project, Found it in BRANCH : 0941d9e0e0dda3ee1d9d4dda757d59ffb641abcf .project. Storing it in gumbler_testing/tmp/.\n |+| Looking for .project, Found it in BRANCH : 47bdb537789c034493e94d8977eae77ecbfd5b24 .project. Storing it in gumbler_testing/tmp/.\n ....\n checking for .settings..\n ....\n\n.classpath or .project are not damaging in this case and, hence, are used as the example. On a pen test or in collaborative projects I have found much worse (cough usernames, passwords). This shouldn\u2019t be that surprising.\n\n# Searching Commit Logs\n\nAnother use case for gumbler is to look through commit history. Using Ruby on Rails as an example, we can search for any commit with \u201cCVE\u201d in it. 
Gumbler will output a diff from the files changed in the commit.\n\n $. ruby gumbler/gumbler.rb --grep CVE rails/ tmp/\n |!| skipping .gitignore, searching commit log for CVE\n $. ls tmp/\n 060c91cd59ab86583a8f2f52142960d3433f62f5-2012-05-30_15:13:03_-0700.diff 88cc1688d0cb828c17706b41a8bd27870f2a2beb-2013-01-08_12:11:18_-0800.diff\n 08d0a11a3f62718d601d39e617c834759cf59bbb-2014-02-18_15:38:50_-0300.diff 8be6913990c30f63618173da722148892348dcc9-2013-03-15_17:45:53_-0700.diff\n 0b58a7ff420d7ef4b643c521a62be7259dd2f5cb-2011-02-08_14:21:12_-0800.diff 8e577fe560d5756fcc67840ba304d79ada6804e4-2013-01-08_12:41:24_-0800.diff\n 0c7ac34aed1845044cd1911e5a775366d7ca41c1-2013-12-02_16:42:16_-0800.diff 9340f89849606dba02f44038171f3837f883fd4e-2012-05-30_15:09:13_-0700.diff\n 2392535f4085d88186097e3c23414e958fb1d16d-2013-03-18_10:17:32_-0700.diff 93fb4c1e62dc9605eecbfaffda2becc85890fa5f-2014-07-10_10:20:16_-0700.diff\n ...\n $. cat 060c91cd59ab86583a8f2f52142960d3433f62f5-2012-05-30_15\\:13\\:03_-0700.diff \n 060c91cd59ab86583a8f2f52142960d3433f62f5-2012-05-30 15:13:03 -0700==> 2012-05-30 15:13:03 -0700 Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! Strip [nil] from parameters hash.\n Thanks to Ben Murphy for reporting this!\n \n CVE-2012-2660\n \n \n :100644 100644 aa5ba3e... 6757a53... M actionpack/lib/action_dispatch/http/request.rb\n :100644 100644 c3f009a... 6ea66f9... M actionpack/test/dispatch/request/query_string_parsing_test.rb\n \n diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb\n index aa5ba3e..6757a53 100644\n --- a/actionpack/lib/action_dispatch/http/request.rb\n 
+++ b/actionpack/lib/action_dispatch/http/request.rb\n ....\n\nAs the README says, be careful using the tool as it uses Command Execution to search. A malicious git project could take advantage of this. Ping me with better ways to handle this.", "cvss3": {}, "published": "2014-10-06T04:00:00", "title": "Searching Through Git Commits", "type": "silentrobots", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2012-2660"], "modified": "2014-10-06T04:00:00", "href": "https://www.silentrobots.com/blog/2014/10/05/gumbler/", "id": "SILENTROBOTS:A94A151FFC790CBB8F3E2E81C8C2A68D", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:47:08", "description": "BUGTRAQ ID: 57192\r\nCVE(CAN) ID: CVE-2013-0155\r\n\r\nRuby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in the Ruby language; it is developed strictly according to the MVC structure.\r\n\r\nWhen Ruby on Rails uses Active Record to interpret parameters in conjunction with JSON parameter parsing, an attacker can issue unexpected database queries with \"IS NULL\" or empty the where clause.\n0\nRuby on Rails Ruby on Rails 3.x\r\nRuby on Rails Ruby on Rails 2.3.x\nVendor patch:\r\n\r\nRuby on Rails\r\n-------------\r\nThe vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:\r\n\r\nhttp://www.rubyonrails.com/", "cvss3": {}, "published": "2013-01-10T00:00:00", "title": "Ruby on Rails Unsafe Query Generation Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-0155"], "modified": "2013-01-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60567", 
"id": "SSV:60567", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T21:23:24", "description": "CVE ID: CVE-2012-2694,CVE-2012-2695\r\n\r\nRuby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in the Ruby language; it is developed strictly according to the MVC structure.\r\n\r\nRuby on Rails versions before 3.2.6, 3.1.6 and 3.0.14 use input in SQL queries that has not been properly validated. This input is passed to the Active Record interface through nested query parameters, and SQL queries can be manipulated by injecting SQL code. A vulnerability also exists in the way parameters are parsed from Rack when ActionPack is used, which allows \"IS NULL\" to be inserted into SQL queries.\r\n0\r\nRuby on Rails 3.2.x\r\nRuby on Rails 3.1.x\r\nRuby on Rails 3.0.x\r\nRuby on Rails 2.3.x\r\nVendor patch:\r\n\r\nRuby on Rails\r\n-------------\r\nThe vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:\r\n\r\nhttp://www.rubyonrails.com/", "cvss3": {}, "published": "2012-06-16T00:00:00", "type": "seebug", "title": "Ruby on Rails Nested Parameter SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-2694", "CVE-2012-2695"], "modified": "2012-06-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60217", "id": "SSV:60217", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2021-10-21T23:38:20", "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-2609-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 16, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nVulnerability : SQL query manipulation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-0155\n\nAn interpretation conflict can cause the Active Record component of\nRails, a web framework for the Ruby programming language, to truncate\nqueries in unexpected ways. This may allow attackers to elevate their\nprivileges.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze5.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2013-01-16T21:17:01", "type": "debian", "title": "[SECURITY] [DSA 2609-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0155"], "modified": "2013-01-16T21:17:01", "id": "DEBIAN:DSA-2609-1:CB6F6", "href": "https://lists.debian.org/debian-security-announce/2013/msg00012.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2021-10-19T20:39:21", 
"description": "Ruby on Rails is a model\u2013view\u2013controller (MVC) framework for web\napplication development. Action Pack implements the controller and the view\ncomponents. Active Record implements object-relational mapping for\naccessing database entries using objects. Active Support provides support\nand utility classes used by the Ruby on Rails framework.\n\nMultiple flaws were found in the way Ruby on Rails performed XML parameter\nparsing in HTTP requests. A remote attacker could use these flaws to\nexecute arbitrary code with the privileges of a Ruby on Rails application,\nperform SQL injection attacks, or bypass the authentication using a\nspecially-created HTTP request. (CVE-2013-0156)\n\nRed Hat is aware that a public exploit for the CVE-2013-0156 issues is\navailable that allows remote code execution in applications using Ruby on\nRails.\n\nMultiple input validation vulnerabilities were discovered in\nrubygem-activerecord. A remote attacker could possibly use these flaws to\nperform an SQL injection attack against an application using\nrubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2012-6496,\nCVE-2013-0155)\n\nMultiple input validation vulnerabilities were discovered in\nrubygem-actionpack. A remote attacker could possibly use these flaws to\nperform an SQL injection attack against an application using\nrubygem-actionpack and rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694)\n\nMultiple cross-site scripting (XSS) flaws were found in rubygem-actionpack.\nA remote attacker could use these flaws to conduct XSS attacks against\nusers of an application using rubygem-actionpack. (CVE-2012-3463,\nCVE-2012-3464, CVE-2012-3465)\n\nA flaw was found in the HTTP digest authentication implementation in\nrubygem-actionpack. A remote attacker could use this flaw to cause a\ndenial of service of an application using rubygem-actionpack and digest\nauthentication. 
(CVE-2012-3424)\n\nUsers are advised to upgrade to these updated rubygem-actionpack,\nrubygem-activesupport, and rubygem-activerecord packages, which resolve\nthese issues. Katello must be restarted (\"service katello restart\") for\nthis update to take effect.", "cvss3": {}, "published": "2013-01-10T20:37:00", "type": "redhat", "title": "(RHSA-2013:0154) Critical: Ruby on Rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2012-6496", "CVE-2013-0155", "CVE-2013-0156"], "modified": "2018-06-07T05:00:59", "id": "RHSA-2013:0154", "href": "https://access.redhat.com/errata/RHSA-2013:0154", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:46:32", "description": "Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action View implements the view component, and Active Record implements the model component.\n\nSecurity Fix(es) in rubygem-actionview:\n\n* It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)\n\nSecurity Fix(es) in rubygem-activerecord:\n\n* A flaw was found in the way Active Record handled certain special values in dynamic finders and relations. 
If a Ruby on Rails application performed JSON parameter parsing, a remote attacker could possibly manipulate search conditions in SQL queries generated by the application. (CVE-2016-6317)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these issues. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the original reporter of CVE-2016-6316; and joernchen (Phenoelit) as the original reporter of CVE-2016-6317.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-13T09:49:49", "type": "redhat", "title": "(RHSA-2016:1855) Moderate: rh-ror42 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2018-04-23T07:41:48", "id": "RHSA-2016:1855", "href": "https://access.redhat.com/errata/RHSA-2016:1855", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-19T20:40:45", "description": "OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS)\nsolution from Red Hat, and is designed for on-premise or private cloud\ndeployments.\n\nInstalling the updated packages and restarting the OpenShift services 
are\nthe only requirements for this update. However, if you are updating your\nsystem to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise\n1.1.1 updates, it is recommended that you restart your system.\n\nFor further information about this release, refer to the OpenShift\nEnterprise 1.1.1 Technical Notes, available shortly from\nhttps://access.redhat.com/knowledge/docs/\n\nThis update also fixes the following security issues:\n\nMultiple cross-site scripting (XSS) flaws were found in rubygem-actionpack.\nA remote attacker could use these flaws to conduct XSS attacks against\nusers of an application using rubygem-actionpack. (CVE-2012-3463,\nCVE-2012-3464, CVE-2012-3465)\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application created\nfiles with names based on untrusted input, it could result in the creation\nof files with different names than expected. (CVE-2012-4522)\n\nA denial of service flaw was found in the implementation of associative\narrays (hashes) in Ruby. An attacker able to supply a large number of\ninputs to a Ruby application (such as HTTP POST request parameters sent to\na web application) that are used as keys when inserting data into an array\ncould trigger multiple hash function collisions, making array operations\ntake an excessive amount of CPU time. To mitigate this issue, a new, more\ncollision resistant algorithm has been used to reduce the chance of an\nattacker successfully causing intentional collisions. (CVE-2012-5371)\n\nInput validation vulnerabilities were discovered in rubygem-activerecord.\nA remote attacker could possibly use these flaws to perform an SQL\ninjection attack against an application using rubygem-activerecord.\n(CVE-2012-2661, CVE-2012-2695, CVE-2013-0155)\n\nInput validation vulnerabilities were discovered in rubygem-actionpack. 
A\nremote attacker could possibly use these flaws to perform an SQL injection\nattack against an application using rubygem-actionpack and\nrubygem-activerecord. (CVE-2012-2660, CVE-2012-2694)\n\nA flaw was found in the HTTP digest authentication implementation in\nrubygem-actionpack. A remote attacker could use this flaw to cause a\ndenial of service of an application using rubygem-actionpack and digest\nauthentication. (CVE-2012-3424)\n\nA flaw was found in the handling of strings in Ruby safe level 4. A remote\nattacker can use Exception#to_s to destructively modify an untainted string\nso that it is tainted, the string can then be arbitrarily modified.\n(CVE-2012-4466)\n\nA flaw was found in the method for translating an exception message into a\nstring in the Ruby Exception class. A remote attacker could use this flaw\nto bypass safe level 4 restrictions, allowing untrusted (tainted) code to\nmodify arbitrary, trusted (untainted) strings, which safe level 4\nrestrictions would otherwise prevent. (CVE-2012-4464)\n\nIt was found that ruby_parser from rubygem-ruby_parser created a temporary\nfile in an insecure way. A local attacker could use this flaw to perform a\nsymbolic link attack, overwriting arbitrary files accessible to the\napplication using ruby_parser. 
(CVE-2013-0162)\n\nThe CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat\nRegional IT team.\n\nUsers are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1.\n", "cvss3": {}, "published": "2013-02-28T00:00:00", "type": "redhat", "title": "(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522", "CVE-2012-5371", "CVE-2013-0155", "CVE-2013-0162", "CVE-2013-0276"], "modified": "2018-06-09T10:17:10", "id": "RHSA-2013:0582", "href": "https://access.redhat.com/errata/RHSA-2013:0582", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:32", "description": "Ruby on Rails is a model-view-controller (MVC) framework for web\napplication development. 
Action Pack implements the controller and the\nview components.\n\nA flaw was found in the way Ruby on Rails performed JSON parameter parsing.\nAn application using a third party library, which uses the Rack::Request\ninterface, or custom Rack middleware could bypass the protection\nimplemented to fix the CVE-2013-0155 vulnerability, causing the application\nto receive unsafe parameters and become vulnerable to CVE-2013-0155.\n(CVE-2013-6417)\n\nIt was discovered that the internationalization component of Ruby on Rails\ncould, under certain circumstances, return a fallback HTML string that\ncontained user input. A remote attacker could possibly use this flaw to\nperform a reflective cross-site scripting (XSS) attack by providing a\nspecially crafted input to an application using the aforementioned\ncomponent. (CVE-2013-4491)\n\nA denial of service flaw was found in the header handling component of\nAction View. A remote attacker could send strings in specially crafted\nheaders that would be cached indefinitely, which would result in all\navailable system memory eventually being consumed. (CVE-2013-6414)\n\nIt was found that the number_to_currency Action View helper did not\nproperly escape the unit parameter. An attacker could use this flaw to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user in the unit parameter. 
(CVE-2013-6415)\n\nUsers of Red Hat OpenStack 3.0 are advised to upgrade to these updated\npackages, which correct these issues.\n", "cvss3": {}, "published": "2014-01-06T00:00:00", "type": "redhat", "title": "(RHSA-2014:0008) Important: ruby193-rubygem-actionpack security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", &