Moderate severity vulnerability that affects actionpack
2017-10-24T18:33:38
ID GHSA-V5JG-558J-Q67C Type github Reporter GitHub Advisory Database Modified 2019-07-03T21:02:00
Description
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.
{"id": "GHSA-V5JG-558J-Q67C", "bulletinFamily": "software", "title": "Moderate severity vulnerability that affects actionpack", "description": "Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.", "published": "2017-10-24T18:33:38", "modified": "2019-07-03T21:02:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://github.com/advisories/GHSA-v5jg-558j-q67c", "reporter": "GitHub Advisory Database", "references": ["https://github.com/advisories/GHSA-v5jg-558j-q67c", "https://nvd.nist.gov/vuln/detail/CVE-2011-2931"], "cvelist": ["CVE-2011-2931"], "type": "github", "lastseen": "2020-03-10T23:26:17", "edition": 2, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2931"]}, {"type": "nessus", "idList": ["SUSE_11_4_RUBYGEM-ACTIONMAILER-111116.NASL", "SUSE_11_3_RUBYGEM-ACTIONMAILER-111116.NASL", "GENTOO_GLSA-201412-28.NASL", "FEDORA_2011-11572.NASL", "DEBIAN_DSA-2301.NASL", "FEDORA_2011-11386.NASL", "FEDORA_2011-11567.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231070710", "OPENVAS:1361412562310863857", "OPENVAS:136141256231070258", "OPENVAS:863883", "OPENVAS:70258", "OPENVAS:863989", "OPENVAS:1361412562310863475", "OPENVAS:863475", "OPENVAS:70710", "OPENVAS:70237"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2301-1:2E61E", "DEBIAN:DSA-2301-2:9F7DC"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26982", "SECURITYVULNS:VULN:11896"]}, {"type": "gentoo", "idList": ["GLSA-201412-28"]}, {"type": "github", "idList": ["GHSA-V5JG-558J-Q67C"]}], "modified": "2020-03-10T23:26:17", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2020-03-10T23:26:17", "rev": 2}, "vulnersScore": 4.4}, "affectedSoftware": [{"name": "actionpack", "operator": "lt", "version": "3.0.10"}, {"name": "actionpack", "operator": "lt", "version": "2.3.13"}], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:39:30", "description": "Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.", "edition": 4, "cvss3": {}, "published": "2011-08-29T18:55:00", "title": "CVE-2011-2931", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2931"], "modified": "2019-08-08T15:42:00", "cpe": ["cpe:/a:rubyonrails:rails:2.0.2", "cpe:/a:rubyonrails:rails:2.1.2", "cpe:/a:rubyonrails:rails:2.2.2", "cpe:/a:rubyonrails:rails:3.0.10", "cpe:/a:rubyonrails:rails:3.0.7", "cpe:/a:rubyonrails:rails:3.0.0", "cpe:/a:rubyonrails:rails:2.3.3", "cpe:/a:rubyonrails:rails:3.0.4", "cpe:/a:rubyonrails:rails:2.1.0", "cpe:/a:rubyonrails:rails:3.1.0", "cpe:/a:rubyonrails:rails:2.2.0", "cpe:/a:rubyonrails:rails:3.0.6", "cpe:/a:rubyonrails:rails:3.0.8", "cpe:/a:rubyonrails:rails:3.0.1", "cpe:/a:rubyonrails:rails:3.0.9", "cpe:/a:rubyonrails:rails:2.0.0", "cpe:/a:rubyonrails:ruby_on_rails:3.0.4", "cpe:/a:rubyonrails:rails:2.3.9", "cpe:/a:rubyonrails:rails:2.3.4", "cpe:/a:rubyonrails:rails:2.1.1", "cpe:/a:rubyonrails:rails:3.0.3", "cpe:/a:rubyonrails:rails:2.0.4", "cpe:/a:rubyonrails:rails:3.0.5", "cpe:/a:rubyonrails:rails:2.3.10", "cpe:/a:rubyonrails:rails:2.3.12", "cpe:/a:rubyonrails:rails:2.0.1", "cpe:/a:rubyonrails:rails:3.0.2", "cpe:/a:rubyonrails:rails:2.3.11", "cpe:/a:rubyonrails:rails:2.3.2", "cpe:/a:rubyonrails:rails:2.2.1"], "id": "CVE-2011-2931", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2931", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T10:09:09", "description": "fixes security vulnerabilities in rubygem-actionpack\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-09-07T00:00:00", "title": "Fedora 15 : rubygem-actionpack-3.0.5-4.fc15 (2011-11572)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2929", "CVE-2011-2931"], "modified": "2011-09-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "id": "FEDORA_2011-11572.NASL", "href": "https://www.tenable.com/plugins/nessus/56099", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11572.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56099);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2929\", \"CVE-2011-2931\");\n script_xref(name:\"FEDORA\", value:\"2011-11572\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-4.fc15 (2011-11572)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fixes security vulnerabilities in rubygem-actionpack\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=731432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=731436\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d67b787\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-4.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:09:09", "description": "fixes for BZs #731436, #732156\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-09-07T00:00:00", "title": "Fedora 14 : rubygem-actionpack-2.3.8-4.fc14 (2011-11567)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3186", "CVE-2011-2931"], "modified": "2011-09-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "id": "FEDORA_2011-11567.NASL", "href": "https://www.tenable.com/plugins/nessus/56098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11567.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56098);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2931\", \"CVE-2011-3186\");\n script_xref(name:\"FEDORA\", value:\"2011-11567\");\n\n script_name(english:\"Fedora 14 : rubygem-actionpack-2.3.8-4.fc14 (2011-11567)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fixes for BZs #731436, #732156\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=731436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732156\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18d7e731\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"rubygem-actionpack-2.3.8-4.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:46:55", "description": "Several vulnerabilities have been discovered in Rails, the Ruby web\napplication framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-4214\n A cross-site scripting (XSS) vulnerability had been\n found in the strip_tags function. An attacker may inject\n non-printable characters that certain browsers will then\n evaluate. This vulnerability only affects the oldstable\n distribution (lenny).\n\n - CVE-2011-2930\n A SQL injection vulnerability had been found in the\n quote_table_name method that could allow malicious users\n to inject arbitrary SQL into a query.\n\n - CVE-2011-2931\n A cross-site scripting (XSS) vulnerability had been\n found in the strip_tags helper. An parsing error can be\n exploited by an attacker, who can confuse the parser and\n may inject HTML tags into the output document.\n\n - CVE-2011-3186\n A newline (CRLF) injection vulnerability had been found\n in response.rb. This vulnerability allows an attacker to\n inject arbitrary HTTP headers and conduct HTTP response\n splitting attacks via the Content-Type header.", "edition": 16, "published": "2011-09-06T00:00:00", "title": "Debian DSA-2301-2 : rails - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4214", "CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "modified": "2011-09-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:rails", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2301.NASL", "href": "https://www.tenable.com/plugins/nessus/56074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2301. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56074);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4214\", \"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-3186\");\n script_bugtraq_id(37142, 49179);\n script_xref(name:\"DSA\", value:\"2301\");\n\n script_name(english:\"Debian DSA-2301-2 : rails - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Rails, the Ruby web\napplication framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-4214\n A cross-site scripting (XSS) vulnerability had been\n found in the strip_tags function. An attacker may inject\n non-printable characters that certain browsers will then\n evaluate. This vulnerability only affects the oldstable\n distribution (lenny).\n\n - CVE-2011-2930\n A SQL injection vulnerability had been found in the\n quote_table_name method that could allow malicious users\n to inject arbitrary SQL into a query.\n\n - CVE-2011-2931\n A cross-site scripting (XSS) vulnerability had been\n found in the strip_tags helper. An parsing error can be\n exploited by an attacker, who can confuse the parser and\n may inject HTML tags into the output document.\n\n - CVE-2011-3186\n A newline (CRLF) injection vulnerability had been found\n in response.rb. This vulnerability allows an attacker to\n inject arbitrary HTTP headers and conduct HTTP response\n splitting attacks via the Content-Type header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2301\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rails packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"rails\", reference:\"2.1.0-7+lenny2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby1.8\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby1.8\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.8\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby1.8\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.8\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-doc\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-ruby1.8\", reference:\"2.3.5-1.2+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:07", "description": "Update to Rails 3.0.10 which fixes several security bugs.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-09-07T00:00:00", "title": "Fedora 16 : rubygem-actionmailer-3.0.10-1.fc16 / rubygem-actionpack-3.0.10-1.fc16 / etc (2011-11386)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2932", "CVE-2011-2929", "CVE-2011-2931", "CVE-2011-2930"], "modified": "2011-09-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionmailer", "p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "p-cpe:/a:fedoraproject:fedora:rubygem-activemodel", "p-cpe:/a:fedoraproject:fedora:rubygem-activeresource", "cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:rubygem-rails", "p-cpe:/a:fedoraproject:fedora:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:rubygem-railties", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "id": "FEDORA_2011-11386.NASL", "href": "https://www.tenable.com/plugins/nessus/56097", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11386.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56097);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2929\", \"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-2932\");\n script_xref(name:\"FEDORA\", value:\"2011-11386\");\n\n script_name(english:\"Fedora 16 : rubygem-actionmailer-3.0.10-1.fc16 / rubygem-actionpack-3.0.10-1.fc16 / etc (2011-11386)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Rails 3.0.10 which fixes several security bugs.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=731432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=731435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=731436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=731438\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065210.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04922293\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065211.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5853c7ae\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da11eb70\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065213.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d05c56f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065214.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f16ab7e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065215.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eacda069\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065216.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ffa816bf\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065217.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2b8f6ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activeresource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-actionmailer-3.0.10-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-actionpack-3.0.10-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-activemodel-3.0.10-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-activerecord-3.0.10-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-activeresource-3.0.10-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-activesupport-3.0.10-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-rails-3.0.10-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-railties-3.0.10-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionmailer / rubygem-actionpack / rubygem-activemodel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:08:08", "description": "This update of rails fixes the following security issues :\n\nCVE-2011-2930 - SQL-injection in quote_table_name function via\nspecially crafted column names (bnc#712062) CVE-2011-2931 - Cross-Site\nScripting (XSS) in the strip_tags helper (bnc#712057) CVE-2011-3186 -\nResponse Splitting (bnc#712058) CVE-2010-3933 - Arbitrary modification\nof records via specially crafted form parameters (bnc#712058)\nCVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper\n(bnc#668817) CVE-2011-0447 - Improper validation of 'X-Requested-With'\nheader (bnc#668817) CVE-2011-0448 - SQL-injection caused by improperly\nsanitized arguments to the limit function (bnc#668817) CVE-2011-0449 -\nBypass of access restrictions via specially crafted action names\n(bnc#668817)", "edition": 26, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0449", "CVE-2011-0448", "CVE-2011-3186", "CVE-2010-3933", "CVE-2011-2931", "CVE-2011-2930", "CVE-2011-0446", "CVE-2011-0447"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-rails", "p-cpe:/a:novell:opensuse:rubygem-rack", "p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3", "p-cpe:/a:novell:opensuse:rubygem-actionmailer", "p-cpe:/a:novell:opensuse:rubygem-actionpack", "p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3", "p-cpe:/a:novell:opensuse:rubygem-rails-2_3", "p-cpe:/a:novell:opensuse:rubygem-activesupport", "p-cpe:/a:novell:opensuse:rubygem-activeresource", "p-cpe:/a:novell:opensuse:rubygem-activeresource-2_3", "p-cpe:/a:novell:opensuse:rubygem-actionmailer-2_3", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:rubygem-activesupport-2_3", "p-cpe:/a:novell:opensuse:rubygem-activerecord"], "id": "SUSE_11_3_RUBYGEM-ACTIONMAILER-111116.NASL", "href": "https://www.tenable.com/plugins/nessus/75730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update rubygem-actionmailer-5440.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75730);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3933\", \"CVE-2011-0446\", \"CVE-2011-0447\", \"CVE-2011-0448\", \"CVE-2011-0449\", \"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-3186\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)\");\n script_summary(english:\"Check for the rubygem-actionmailer-5440 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of rails fixes the following security issues :\n\nCVE-2011-2930 - SQL-injection in quote_table_name function via\nspecially crafted column names (bnc#712062) CVE-2011-2931 - Cross-Site\nScripting (XSS) in the strip_tags helper (bnc#712057) CVE-2011-3186 -\nResponse Splitting (bnc#712058) CVE-2010-3933 - Arbitrary modification\nof records via specially crafted form parameters (bnc#712058)\nCVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper\n(bnc#668817) CVE-2011-0447 - Improper validation of 'X-Requested-With'\nheader (bnc#668817) CVE-2011-0448 - SQL-injection caused by improperly\nsanitized arguments to the limit function (bnc#668817) CVE-2011-0449 -\nBypass of access restrictions via specially crafted action names\n(bnc#668817)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-12/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionmailer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionmailer-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activeresource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activeresource-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activesupport-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-rack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-rails-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-actionmailer-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-actionmailer-2_3-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-actionpack-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-actionpack-2_3-2.3.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-activerecord-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-activerecord-2_3-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-activeresource-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-activeresource-2_3-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-activesupport-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-activesupport-2_3-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-rack-1.1.2-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-rails-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rubygem-rails-2_3-2.3.14-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionmailer / rubygem-actionmailer-2_3 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:36:43", "description": "This update of rails fixes the following security issues :\n\nCVE-2011-2930 - SQL-injection in quote_table_name function via\nspecially crafted column names (bnc#712062) CVE-2011-2931 - Cross-Site\nScripting (XSS) in the strip_tags helper (bnc#712057) CVE-2011-3186 -\nResponse Splitting (bnc#712058) CVE-2010-3933 - Arbitrary modification\nof records via specially crafted form parameters (bnc#712058)\nCVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper\n(bnc#668817) CVE-2011-0447 - Improper validation of 'X-Requested-With'\nheader (bnc#668817) CVE-2011-0448 - SQL-injection caused by improperly\nsanitized arguments to the limit function (bnc#668817) CVE-2011-0449 -\nBypass of access restrictions via specially crafted action names\n(bnc#668817)", "edition": 26, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0449", "CVE-2011-0448", "CVE-2011-3186", "CVE-2010-3933", "CVE-2011-2931", "CVE-2011-2930", "CVE-2011-0446", "CVE-2011-0447"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-rails", "p-cpe:/a:novell:opensuse:rubygem-rack", "p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3", "p-cpe:/a:novell:opensuse:rubygem-actionmailer", "p-cpe:/a:novell:opensuse:rubygem-actionpack", "p-cpe:/a:novell:opensuse:rubygem-actionmailer-2_3-testsuite", "p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3-testsuite", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3", "p-cpe:/a:novell:opensuse:rubygem-rails-2_3", "p-cpe:/a:novell:opensuse:rubygem-activesupport", "p-cpe:/a:novell:opensuse:rubygem-activeresource", "p-cpe:/a:novell:opensuse:rubygem-activeresource-2_3-testsuite", "p-cpe:/a:novell:opensuse:rubygem-activeresource-2_3", "p-cpe:/a:novell:opensuse:rubygem-actionmailer-2_3", "p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3-testsuite", "p-cpe:/a:novell:opensuse:rubygem-activesupport-2_3", "p-cpe:/a:novell:opensuse:rubygem-activerecord"], "id": "SUSE_11_4_RUBYGEM-ACTIONMAILER-111116.NASL", "href": "https://www.tenable.com/plugins/nessus/76016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update rubygem-actionmailer-5440.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76016);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3933\", \"CVE-2011-0446\", \"CVE-2011-0447\", \"CVE-2011-0448\", \"CVE-2011-0449\", \"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-3186\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)\");\n script_summary(english:\"Check for the rubygem-actionmailer-5440 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of rails fixes the following security issues :\n\nCVE-2011-2930 - SQL-injection in quote_table_name function via\nspecially crafted column names (bnc#712062) CVE-2011-2931 - Cross-Site\nScripting (XSS) in the strip_tags helper (bnc#712057) CVE-2011-3186 -\nResponse Splitting (bnc#712058) CVE-2010-3933 - Arbitrary modification\nof records via specially crafted form parameters (bnc#712058)\nCVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper\n(bnc#668817) CVE-2011-0447 - Improper validation of 'X-Requested-With'\nheader (bnc#668817) CVE-2011-0448 - SQL-injection caused by improperly\nsanitized arguments to the limit function (bnc#668817) CVE-2011-0449 -\nBypass of access restrictions via specially crafted action names\n(bnc#668817)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-12/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionmailer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionmailer-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionmailer-2_3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activeresource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activeresource-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activeresource-2_3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activesupport-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-rack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-rails-2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-actionmailer-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-actionmailer-2_3-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-actionmailer-2_3-testsuite-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-actionpack-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-actionpack-2_3-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-actionpack-2_3-testsuite-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-activerecord-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-activerecord-2_3-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-activerecord-2_3-testsuite-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-activeresource-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-activeresource-2_3-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-activeresource-2_3-testsuite-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-activesupport-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-activesupport-2_3-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-rack-1.1.2-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-rails-2.3.14-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rubygem-rails-2_3-2.3.14-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionmailer / rubygem-actionmailer-2_3 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:56:41", "description": "The remote host is affected by the vulnerability described in GLSA-201412-28\n(Ruby on Rails: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Ruby on Rails. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code or cause a Denial of\n Service condition. Furthermore, a remote attacker may be able to execute\n arbitrary SQL commands, change parameter names for form inputs and make\n changes to arbitrary records in the system, bypass intended access\n restrictions, render arbitrary views, inject arbitrary web script or\n HTML, or conduct cross-site request forgery (CSRF) attacks.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-12-15T00:00:00", "title": "GLSA-201412-28 : Ruby on Rails: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1854", "CVE-2013-0276", "CVE-2011-0449", "CVE-2011-2932", "CVE-2013-0156", "CVE-2013-1856", "CVE-2013-1855", "CVE-2011-0448", "CVE-2011-3186", "CVE-2011-2929", "CVE-2013-0277", "CVE-2010-3933", "CVE-2013-0155", "CVE-2011-2931", "CVE-2011-2930", "CVE-2013-0333", "CVE-2011-0446", "CVE-2013-1857", "CVE-2011-0447"], "modified": "2014-12-15T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:rails", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201412-28.NASL", "href": "https://www.tenable.com/plugins/nessus/79981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-28.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79981);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3933\", \"CVE-2011-0446\", \"CVE-2011-0447\", \"CVE-2011-0448\", \"CVE-2011-0449\", \"CVE-2011-2929\", \"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-2932\", \"CVE-2011-3186\", \"CVE-2013-0155\", \"CVE-2013-0156\", \"CVE-2013-0276\", \"CVE-2013-0277\", \"CVE-2013-0333\", \"CVE-2013-1854\", \"CVE-2013-1855\", \"CVE-2013-1856\", \"CVE-2013-1857\");\n script_bugtraq_id(44124, 46291, 46292, 49179, 57187, 57192, 57575, 57896, 57898, 58549, 58552, 58554, 58555);\n script_xref(name:\"GLSA\", value:\"201412-28\");\n\n script_name(english:\"GLSA-201412-28 : Ruby on Rails: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-28\n(Ruby on Rails: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Ruby on Rails. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code or cause a Denial of\n Service condition. Furthermore, a remote attacker may be able to execute\n arbitrary SQL commands, change parameter names for form inputs and make\n changes to arbitrary records in the system, bypass intended access\n restrictions, render arbitrary views, inject arbitrary web script or\n HTML, or conduct cross-site request forgery (CSRF) attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-28\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Ruby on Rails 2.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-ruby/rails-2.3.18'\n NOTE: All applications using Ruby on Rails should also be configured to\n use the latest version available by running “rake rails:update”\n inside the application directory.\n NOTE: This is a legacy GLSA and stable updates for Ruby on Rails,\n including the unaffected version listed above, are no longer available\n from Gentoo. It may be possible to upgrade to the 3.2, 4.0, or 4.1\n branches, however these packages are not currently stable.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails JSON Processor YAML Deserialization Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-ruby/rails\", unaffected:make_list(\"ge 2.3.18\"), vulnerable:make_list(\"lt 2.3.18\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ruby on Rails\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:13:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:70258", "href": "http://plugins.openvas.org/nasl.php?oid=70258", "type": "openvas", "title": "FreeBSD Ports: rubygem-rails", "sourceData": "#\n#VID be77eff6-ca91-11e0-aea3-00215c6a37bb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID be77eff6-ca91-11e0-aea3-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: rubygem-rails\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b\nhttp://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6\nhttp://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768\nhttp://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12\nhttp://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195\nhttp://www.vuxml.org/freebsd/be77eff6-ca91-11e0-aea3-00215c6a37bb.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70258);\n script_version(\"$Revision: 5424 $\");\n script_cve_id(\"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-3186\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_bugtraq_id(49179);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: rubygem-rails\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"rubygem-rails\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.0.10\")<0) {\n txt += 'Package rubygem-rails version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:136141256231070258", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070258", "type": "openvas", "title": "FreeBSD Ports: rubygem-rails", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_rubygem-rails3.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID be77eff6-ca91-11e0-aea3-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70258\");\n script_version(\"$Revision: 11762 $\");\n script_cve_id(\"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-3186\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_bugtraq_id(49179);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: rubygem-rails\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: rubygem-rails\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389a\");\n script_xref(name:\"URL\", value:\"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6\");\n script_xref(name:\"URL\", value:\"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768\");\n script_xref(name:\"URL\", value:\"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12\");\n script_xref(name:\"URL\", value:\"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/be77eff6-ca91-11e0-aea3-00215c6a37bb.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"rubygem-rails\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.0.10\")<0) {\n txt += 'Package rubygem-rails version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2197", "CVE-2011-2929", "CVE-2011-2931"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-09-12T00:00:00", "id": "OPENVAS:1361412562310863475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863475", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2011-11572", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2011-11572\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863475\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-11572\");\n script_cve_id(\"CVE-2011-2197\", \"CVE-2011-2929\", \"CVE-2011-2931\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2011-11572\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.5~4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-25T10:55:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2197", "CVE-2011-2929", "CVE-2011-2931"], "description": "Check for the Version of rubygem-actionpack", "modified": "2017-07-10T00:00:00", "published": "2011-09-12T00:00:00", "id": "OPENVAS:863475", "href": "http://plugins.openvas.org/nasl.php?oid=863475", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2011-11572", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2011-11572\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 15\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html\");\n script_id(863475);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-11572\");\n script_cve_id(\"CVE-2011-2197\", \"CVE-2011-2929\", \"CVE-2011-2931\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2011-11572\");\n\n script_summary(\"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.5~4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3186", "CVE-2011-2931", "CVE-2011-0446", "CVE-2011-0447"], "description": "Check for the Version of rubygem-actionpack", "modified": "2017-07-10T00:00:00", "published": "2011-09-12T00:00:00", "id": "OPENVAS:863490", "href": "http://plugins.openvas.org/nasl.php?oid=863490", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2011-11567", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2011-11567\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 14\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html\");\n script_id(863490);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11567\");\n script_cve_id(\"CVE-2011-0446\", \"CVE-2011-0447\", \"CVE-2011-2931\", \"CVE-2011-3186\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2011-11567\");\n\n script_summary(\"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~2.3.8~4.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3186", "CVE-2011-2931", "CVE-2011-0446", "CVE-2011-0447"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-09-12T00:00:00", "id": "OPENVAS:1361412562310863490", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863490", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2011-11567", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2011-11567\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863490\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11567\");\n script_cve_id(\"CVE-2011-0446\", \"CVE-2011-0447\", \"CVE-2011-2931\", \"CVE-2011-3186\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2011-11567\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~2.3.8~4.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4214", "CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "The remote host is missing an update to rails\nannounced via advisory DSA 2301-1.", "modified": "2017-07-07T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:70237", "href": "http://plugins.openvas.org/nasl.php?oid=70237", "type": "openvas", "title": "Debian Security Advisory DSA 2301-1 (rails)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2301_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2301-1 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Rails, the Ruby web\napplication framework. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-4214\n\nA cross-site scripting (XSS) vulnerability had been found in the\nstrip_tags function. An attacker may inject non-printable characters\nthat certain browsers will then evaluate. This vulnerability only\naffects the oldstable distribution (lenny).\n\nCVE-2011-2930\n\nA SQL injection vulnerability had been found in the quote_table_name\nmethod could allow malicious users to inject arbitrary SQL into a\nquery.\n\nCVE-2011-2931\n\nA cross-site scripting (XSS) vulnerability had been found in the\nstrip_tags helper. An parsing error can be exploited by an attacker,\nwho can confuse the parser and may inject HTML tags into the output\ndocument.\n\nCVE-2011-3186\n\nA newline (CRLF) injection vulnerability had been found in\nresponse.rb. This vulnerability allows an attacker to inject arbitrary\nHTTP headers and conduct HTTP response splitting attacks via the\nContent-Type header.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.14.\n\nWe recommend that you upgrade your rails packages.\";\ntag_summary = \"The remote host is missing an update to rails\nannounced via advisory DSA 2301-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202301-1\";\n\n\nif(description)\n{\n script_id(70237);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-3186\", \"CVE-2009-4214\");\n script_name(\"Debian Security Advisory DSA 2301-1 (rails)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2.1.0-7+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4214", "CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "The remote host is missing an update to rails\nannounced via advisory DSA 2301-2.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070710", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070710", "type": "openvas", "title": "Debian Security Advisory DSA 2301-2 (rails)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2301_2.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2301-2 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70710\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-3186\", \"CVE-2009-4214\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:28:39 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2301-2 (rails)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202301-2\");\n script_tag(name:\"insight\", value:\"It was discovered that the last security update for Ruby on Rails,\nDSA-2301-1, introduced a regression in the libactionpack-ruby package.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze2.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your rails packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to rails\nannounced via advisory DSA 2301-2.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.1.0-7+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4214", "CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "The remote host is missing an update to rails\nannounced via advisory DSA 2301-1.", "modified": "2019-03-18T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:136141256231070237", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070237", "type": "openvas", "title": "Debian Security Advisory DSA 2301-1 (rails)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2301_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2301-1 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70237\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-3186\", \"CVE-2009-4214\");\n script_name(\"Debian Security Advisory DSA 2301-1 (rails)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202301-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in Rails, the Ruby web\napplication framework. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-4214\n\nA cross-site scripting (XSS) vulnerability had been found in the\nstrip_tags function. An attacker may inject non-printable characters\nthat certain browsers will then evaluate. This vulnerability only\naffects the oldstable distribution (lenny).\n\nCVE-2011-2930\n\nA SQL injection vulnerability had been found in the quote_table_name\nmethod could allow malicious users to inject arbitrary SQL into a\nquery.\n\nCVE-2011-2931\n\nA cross-site scripting (XSS) vulnerability had been found in the\nstrip_tags helper. An parsing error can be exploited by an attacker,\nwho can confuse the parser and may inject HTML tags into the output\ndocument.\n\nCVE-2011-3186\n\nA newline (CRLF) injection vulnerability had been found in\nresponse.rb. This vulnerability allows an attacker to inject arbitrary\nHTTP headers and conduct HTTP response splitting attacks via the\nContent-Type header.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.14.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your rails packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to rails\nannounced via advisory DSA 2301-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.1.0-7+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4214", "CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "The remote host is missing an update to rails\nannounced via advisory DSA 2301-2.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:70710", "href": "http://plugins.openvas.org/nasl.php?oid=70710", "type": "openvas", "title": "Debian Security Advisory DSA 2301-2 (rails)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2301_2.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2301-2 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the last security update for Ruby on Rails,\nDSA-2301-1, introduced a regression in the libactionpack-ruby package.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze2.\n\nWe recommend that you upgrade your rails packages.\";\ntag_summary = \"The remote host is missing an update to rails\nannounced via advisory DSA 2301-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202301-2\";\n\nif(description)\n{\n script_id(70710);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2930\", \"CVE-2011-2931\", \"CVE-2011-3186\", \"CVE-2009-4214\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:28:39 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2301-2 (rails)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.1.0-7+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2197", "CVE-2011-2929", "CVE-2011-2931"], "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "modified": "2011-09-07T00:07:54", "published": "2011-09-07T00:07:54", "id": "FEDORA:1BD8711069D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-4.fc15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2929", "CVE-2011-2930", "CVE-2011-2931", "CVE-2011-2932"], "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "modified": "2011-09-07T03:23:00", "published": "2011-09-07T03:23:00", "id": "FEDORA:7BD77110672", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2929", "CVE-2011-2930", "CVE-2011-2931", "CVE-2011-2932"], "description": "Wraps web resources in model classes that can be manipulated through XML ov er REST. ", "modified": "2011-09-07T03:23:00", "published": "2011-09-07T03:23:00", "id": "FEDORA:8B53B110917", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activeresource-3.0.10-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2929", "CVE-2011-2930", "CVE-2011-2931", "CVE-2011-2932"], "description": "Rails is a framework for building web-application using CGI, FCGI, mod_ruby, or WEBrick on top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates. ", "modified": "2011-09-07T03:23:00", "published": "2011-09-07T03:23:00", "id": "FEDORA:964A81109E2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-rails-3.0.10-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2929", "CVE-2011-2930", "CVE-2011-2931", "CVE-2011-2932"], "description": "Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework. ", "modified": "2011-09-07T03:23:00", "published": "2011-09-07T03:23:00", "id": "FEDORA:839AE110847", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2929", "CVE-2011-2930", "CVE-2011-2931", "CVE-2011-2932"], "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "modified": "2011-09-07T03:23:00", "published": "2011-09-07T03:23:00", "id": "FEDORA:8F8A5110924", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2929", "CVE-2011-2930", "CVE-2011-2931", "CVE-2011-2932"], "description": "Makes it trivial to test and deliver emails sent from a single service laye r. ", "modified": "2011-09-07T03:23:00", "published": "2011-09-07T03:23:00", "id": "FEDORA:923DF110937", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-actionmailer-3.0.10-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2929", "CVE-2011-2930", "CVE-2011-2931", "CVE-2011-2932"], "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. ", "modified": "2011-09-07T03:23:00", "published": "2011-09-07T03:23:00", "id": "FEDORA:86AAD1108A0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-activerecord-3.0.10-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2929", "CVE-2011-2930", "CVE-2011-2931", "CVE-2011-2932"], "description": "Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. Overall, it: * handles all the bootstrapping process for a Rails application; * manager rails command line interface; * provides Rails generators core; ", "modified": "2011-09-07T03:23:00", "published": "2011-09-07T03:23:00", "id": "FEDORA:945AD110986", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: rubygem-railties-3.0.10-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0446", "CVE-2011-0447", "CVE-2011-2931", "CVE-2011-3186"], "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "modified": "2011-09-07T00:15:09", "published": "2011-09-07T00:15:09", "id": "FEDORA:296ED110953", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: rubygem-actionpack-2.3.8-4.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2009-4214", "CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2011-09-09T00:00:00", "published": "2011-09-09T00:00:00", "id": "SECURITYVULNS:VULN:11896", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11896", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2009-4214", "CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2301-1 security@debian.org\r\nhttp://www.debian.org/security/ Luciano Bello\r\nSeptember 5, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : rails\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214\r\n\r\nSeveral vulnerabilities have been discovered in Rails, the Ruby web\r\napplication framework. The Common Vulnerabilities and Exposures project\r\nidentifies the following problems:\r\n\r\nCVE-2009-4214\r\n\r\n A cross-site scripting (XSS) vulnerability had been found in the\r\n strip_tags function. An attacker may inject non-printable characters\r\n that certain browsers will then evaluate. This vulnerability only\r\n affects the oldstable distribution (lenny).\r\n\r\nCVE-2011-2930\r\n\r\n A SQL injection vulnerability had been found in the quote_table_name\r\n method could allow malicious users to inject arbitrary SQL into a\r\n query.\r\n\r\nCVE-2011-2931\r\n\r\n A cross-site scripting (XSS) vulnerability had been found in the\r\n strip_tags helper. An parsing error can be exploited by an attacker,\r\n who can confuse the parser and may inject HTML tags into the output\r\n document.\r\n\r\nCVE-2011-3186\r\n\r\n A newline (CRLF) injection vulnerability had been found in\r\n response.rb. This vulnerability allows an attacker to inject arbitrary\r\n HTTP headers and conduct HTTP response splitting attacks via the\r\n Content-Type header.\r\n\r\nFor the oldstable distribution (lenny), this problem has been fixed in\r\nversion 2.1.0-7+lenny1.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 2.3.5-1.2+squeeze1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.3.14.\r\n\r\nWe recommend that you upgrade your rails packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJOZS+XAAoJEOxfUAG2iX57/RoIANAWqvaKoG3V5sfmVzREDG4M\r\nqcnQ3RhaVc//I2RuvPDSY9zDbE4OfgNYRtAnk3j7kbVf0U4ohs9TNTJqy1uCYjZn\r\ndA6b27JdgxgXnRFM0AvHfYOyA/V2+w4ykwfAjGJG2hcmCxxkofDkzbf/WKrGinYV\r\no+NEF5QEU5y84Z+4EvFYEP+zmMShIvoBU/Fui+TNzxEh3MSRumMdJoJfV2MdSO+m\r\nC98R6hx1Q8nxmNCZpPXAWttfGomhtTXAwYIlywR0pqxyrBpsaEleNLbDPaNnr2/D\r\nJph+q3Mv5nRteRfMRyX0bmqguSYsa0TIFZlL5vvIRGBw+b7Q4wIL0ywRvWqxLGU=\r\n=r9kt\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-09-09T00:00:00", "published": "2011-09-09T00:00:00", "id": "SECURITYVULNS:DOC:26982", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26982", "title": "[SECURITY] [DSA 2301-1] rails security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:17:34", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4214", "CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2392-1 security@debian.org\nhttp://www.debian.org/security/ \nJanuary 23, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214\nDebian Bug : 629067\n\nIt was discovered that the last security update for Ruby on Rails,\nDSA-2301-1, introduced a regression in the libactionpack-ruby package.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze2.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-01-23T18:36:39", "published": "2012-01-23T18:36:39", "id": "DEBIAN:DSA-2301-2:9F7DC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00015.html", "title": "[SECURITY] [DSA 2301-2] rails regression", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:12:20", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4214", "CVE-2011-3186", "CVE-2011-2931", "CVE-2011-2930"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2301-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nSeptember 5, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214\n\nSeveral vulnerabilities have been discovered in Rails, the Ruby web\napplication framework. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-4214\n\n A cross-site scripting (XSS) vulnerability had been found in the\n strip_tags function. An attacker may inject non-printable characters\n that certain browsers will then evaluate. This vulnerability only\n affects the oldstable distribution (lenny).\n\nCVE-2011-2930\n\n A SQL injection vulnerability had been found in the quote_table_name\n method could allow malicious users to inject arbitrary SQL into a\n query.\n\nCVE-2011-2931\n\n A cross-site scripting (XSS) vulnerability had been found in the\n strip_tags helper. An parsing error can be exploited by an attacker,\n who can confuse the parser and may inject HTML tags into the output\n document.\n\nCVE-2011-3186\n\n A newline (CRLF) injection vulnerability had been found in\n response.rb. This vulnerability allows an attacker to inject arbitrary\n HTTP headers and conduct HTTP response splitting attacks via the\n Content-Type header.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.14.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-09-05T20:26:17", "published": "2011-09-05T20:26:17", "id": "DEBIAN:DSA-2301-1:2E61E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00177.html", "title": "[SECURITY] [DSA 2301-1] rails security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1854", "CVE-2013-0276", "CVE-2011-0449", "CVE-2011-2932", "CVE-2013-0156", "CVE-2013-1856", "CVE-2013-1855", "CVE-2011-0448", "CVE-2011-3186", "CVE-2011-2929", "CVE-2013-0277", "CVE-2010-3933", "CVE-2013-0155", "CVE-2011-2931", "CVE-2011-2930", "CVE-2013-0333", "CVE-2011-0446", "CVE-2013-1857", "CVE-2011-0447"], "description": "### Background\n\nRuby on Rails is a web-application and persistence framework.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Ruby on Rails. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code or cause a Denial of Service condition. Furthermore, a remote attacker may be able to execute arbitrary SQL commands, change parameter names for form inputs and make changes to arbitrary records in the system, bypass intended access restrictions, render arbitrary views, inject arbitrary web script or HTML, or conduct cross-site request forgery (CSRF) attacks. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Ruby on Rails 2.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-ruby/rails-2.3.18\"\n \n\nNOTE: All applications using Ruby on Rails should also be configured to use the latest version available by running \u201crake rails:update\u201d inside the application directory. \n\nNOTE: This is a legacy GLSA and stable updates for Ruby on Rails, including the unaffected version listed above, are no longer available from Gentoo. It may be possible to upgrade to the 3.2, 4.0, or 4.1 branches, however these packages are not currently stable.", "edition": 1, "modified": "2014-12-14T00:00:00", "published": "2014-12-14T00:00:00", "id": "GLSA-201412-28", "href": "https://security.gentoo.org/glsa/201412-28", "type": "gentoo", "title": "Ruby on Rails: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
