ID FEDORA_2012-3355.NASL Type nessus Reporter Tenable Modified 2018-11-28T00:00:00
Description
Fixes CVE-2012-1099 for F15.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2012-3355.
#
include("compat.inc");
if (description)
{
script_id(58371);
script_version("1.9");
script_cvs_date("Date: 2018/11/28 22:47:44");
script_cve_id("CVE-2012-1099");
script_bugtraq_id(52264);
script_xref(name:"FEDORA", value:"2012-3355");
script_name(english:"Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Fixes CVE-2012-1099 for F15.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=799276"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?aa31baaa"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected rubygem-actionpack package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
script_set_attribute(attribute:"patch_publication_date", value:"2012/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC15", reference:"rubygem-actionpack-3.0.5-6.fc15")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rubygem-actionpack");
}
{"id": "FEDORA_2012-3355.NASL", "bulletinFamily": "scanner", "title": "Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)", "description": "Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2012-03-19T00:00:00", "modified": "2018-11-28T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=58371", "reporter": "Tenable", "references": ["http://www.nessus.org/u?aa31baaa", "https://bugzilla.redhat.com/show_bug.cgi?id=799276"], "cvelist": ["CVE-2012-1099"], "type": "nessus", "lastseen": "2019-02-21T01:16:22", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "cvelist": ["CVE-2012-1099"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:13:29", "references": [{"idList": ["CVE-2012-1099"], "type": "cve"}, {"idList": ["DEBIAN:DSA-2466-1:8AFE9"], "type": "debian"}, {"idList": ["FEDORA_2012-3166.NASL", "FEDORA_2012-3321.NASL", "DEBIAN_DSA-2466.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:864039", "OPENVAS:863769", "OPENVAS:136141256231071345", "OPENVAS:1361412562310864435", "OPENVAS:864435", "OPENVAS:71345", "OPENVAS:864348", "OPENVAS:1361412562310864348", "OPENVAS:863810", "OPENVAS:1361412562310863769"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:28074", "SECURITYVULNS:VULN:12377"], "type": "securityvulns"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "c97e4ec6022b8bdff889b83df9cec34ab908744ecbc35434bab66d53f7c29322", "hashmap": [{"hash": "ed0fdf3ff38eda5fe1fdd7361f123a4f", "key": "sourceData"}, {"hash": "1e66f474ec96c5bc9502defd13e991c8", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "f96934d91132ee5cd8af3664ceeaa6dc", "key": "cpe"}, {"hash": "0ef3cb33eb67d455b35240f07c586353", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "95b5027031695136a4aabeafa1f7d96c", "key": "references"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8266769973dd97fd1feef80a3559ef39", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "0f5dd8362af695e08e34e9e2c852fdae", "key": "title"}, {"hash": "3ccbfa49e9dba252180ef3c8db7d5d5d", "key": "pluginID"}, {"hash": "b5d3efd814a2164c48ae5e0799e66671", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58371", "id": "FEDORA_2012-3355.NASL", "lastseen": "2019-01-16T20:13:29", "modified": "2018-11-28T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "58371", "published": "2012-03-19T00:00:00", "references": ["http://www.nessus.org/u?aa31baaa", "https://bugzilla.redhat.com/show_bug.cgi?id=799276"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3355.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58371);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa31baaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "title": "Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:13:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2012-1099"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "685d7f615fd296b9130b775c97b251d3fd51ec8c11f01cfc1d8b25045bd45d52", "hashmap": [{"hash": "1e66f474ec96c5bc9502defd13e991c8", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "95b5027031695136a4aabeafa1f7d96c", "key": "references"}, {"hash": "6a9878d99e1901546746474ba5759e26", "key": "sourceData"}, {"hash": "825fd3d541994dfc5f78abd80981048d", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8266769973dd97fd1feef80a3559ef39", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "0f5dd8362af695e08e34e9e2c852fdae", "key": "title"}, {"hash": "28033c5e0bf0c5f1073dc8996f5a8c76", "key": "modified"}, {"hash": "3ccbfa49e9dba252180ef3c8db7d5d5d", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "b5d3efd814a2164c48ae5e0799e66671", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58371", "id": "FEDORA_2012-3355.NASL", "lastseen": "2016-09-26T17:24:46", "modified": "2016-05-09T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "58371", "published": "2012-03-19T00:00:00", "references": ["http://www.nessus.org/u?aa31baaa", "https://bugzilla.redhat.com/show_bug.cgi?id=799276"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3355.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58371);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/09 15:27:59 $\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa31baaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "title": "Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:46"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "cvelist": ["CVE-2012-1099"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "bd46ea166a9f2cd77acd6b39f23cabe22d8eafc811ea225eb352a0ebc506e9de", "hashmap": [{"hash": "1e66f474ec96c5bc9502defd13e991c8", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "f96934d91132ee5cd8af3664ceeaa6dc", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "95b5027031695136a4aabeafa1f7d96c", "key": "references"}, {"hash": "6a9878d99e1901546746474ba5759e26", "key": "sourceData"}, {"hash": "825fd3d541994dfc5f78abd80981048d", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8266769973dd97fd1feef80a3559ef39", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "0f5dd8362af695e08e34e9e2c852fdae", "key": "title"}, {"hash": "28033c5e0bf0c5f1073dc8996f5a8c76", "key": "modified"}, {"hash": "3ccbfa49e9dba252180ef3c8db7d5d5d", "key": "pluginID"}, {"hash": "b5d3efd814a2164c48ae5e0799e66671", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58371", "id": "FEDORA_2012-3355.NASL", "lastseen": "2017-10-29T13:38:42", "modified": "2016-05-09T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "58371", "published": "2012-03-19T00:00:00", "references": ["http://www.nessus.org/u?aa31baaa", "https://bugzilla.redhat.com/show_bug.cgi?id=799276"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3355.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58371);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/09 15:27:59 $\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa31baaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "title": "Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:38:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "cvelist": ["CVE-2012-1099"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "07d97c3d39ac89c670a6e1b4410fb980bc642f319ab9c712e57f23300aaf09c2", "hashmap": [{"hash": "ed0fdf3ff38eda5fe1fdd7361f123a4f", "key": "sourceData"}, {"hash": "1e66f474ec96c5bc9502defd13e991c8", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "f96934d91132ee5cd8af3664ceeaa6dc", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "95b5027031695136a4aabeafa1f7d96c", "key": "references"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "825fd3d541994dfc5f78abd80981048d", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8266769973dd97fd1feef80a3559ef39", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "0f5dd8362af695e08e34e9e2c852fdae", "key": "title"}, {"hash": "3ccbfa49e9dba252180ef3c8db7d5d5d", "key": "pluginID"}, {"hash": "b5d3efd814a2164c48ae5e0799e66671", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58371", "id": "FEDORA_2012-3355.NASL", "lastseen": "2018-11-29T19:29:26", "modified": "2018-11-28T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "58371", "published": "2012-03-19T00:00:00", "references": ["http://www.nessus.org/u?aa31baaa", "https://bugzilla.redhat.com/show_bug.cgi?id=799276"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3355.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58371);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa31baaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "title": "Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-11-29T19:29:26"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "cvelist": ["CVE-2012-1099"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "5142fc683caadd5e2980f9a10c85a916426a07024bc7f8f3ae3e8d41c21ba10d", "hashmap": [{"hash": "1e66f474ec96c5bc9502defd13e991c8", "key": "href"}, {"hash": "f96934d91132ee5cd8af3664ceeaa6dc", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "95b5027031695136a4aabeafa1f7d96c", "key": "references"}, {"hash": "6a9878d99e1901546746474ba5759e26", "key": "sourceData"}, {"hash": "825fd3d541994dfc5f78abd80981048d", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8266769973dd97fd1feef80a3559ef39", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "0f5dd8362af695e08e34e9e2c852fdae", "key": "title"}, {"hash": "28033c5e0bf0c5f1073dc8996f5a8c76", "key": "modified"}, {"hash": "3ccbfa49e9dba252180ef3c8db7d5d5d", "key": "pluginID"}, {"hash": "b5d3efd814a2164c48ae5e0799e66671", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58371", "id": "FEDORA_2012-3355.NASL", "lastseen": "2018-08-30T19:42:11", "modified": "2016-05-09T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "58371", "published": "2012-03-19T00:00:00", "references": ["http://www.nessus.org/u?aa31baaa", "https://bugzilla.redhat.com/show_bug.cgi?id=799276"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3355.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58371);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/09 15:27:59 $\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa31baaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "title": "Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:42:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "cvelist": ["CVE-2012-1099"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "bd46ea166a9f2cd77acd6b39f23cabe22d8eafc811ea225eb352a0ebc506e9de", "hashmap": [{"hash": "1e66f474ec96c5bc9502defd13e991c8", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "f96934d91132ee5cd8af3664ceeaa6dc", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "95b5027031695136a4aabeafa1f7d96c", "key": "references"}, {"hash": "6a9878d99e1901546746474ba5759e26", "key": "sourceData"}, {"hash": "825fd3d541994dfc5f78abd80981048d", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8266769973dd97fd1feef80a3559ef39", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "0f5dd8362af695e08e34e9e2c852fdae", "key": "title"}, {"hash": "28033c5e0bf0c5f1073dc8996f5a8c76", "key": "modified"}, {"hash": "3ccbfa49e9dba252180ef3c8db7d5d5d", "key": "pluginID"}, {"hash": "b5d3efd814a2164c48ae5e0799e66671", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58371", "id": "FEDORA_2012-3355.NASL", "lastseen": "2018-09-01T23:48:19", "modified": "2016-05-09T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "58371", "published": "2012-03-19T00:00:00", "references": ["http://www.nessus.org/u?aa31baaa", "https://bugzilla.redhat.com/show_bug.cgi?id=799276"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3355.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58371);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/09 15:27:59 $\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa31baaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "title": "Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:48:19"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "f96934d91132ee5cd8af3664ceeaa6dc"}, {"key": "cvelist", "hash": "b5d3efd814a2164c48ae5e0799e66671"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "825fd3d541994dfc5f78abd80981048d"}, {"key": "href", "hash": "1e66f474ec96c5bc9502defd13e991c8"}, {"key": "modified", "hash": "460b12446c99e9f96de9e7fe92f5d167"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "3ccbfa49e9dba252180ef3c8db7d5d5d"}, {"key": "published", "hash": "8266769973dd97fd1feef80a3559ef39"}, {"key": "references", "hash": "95b5027031695136a4aabeafa1f7d96c"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "ed0fdf3ff38eda5fe1fdd7361f123a4f"}, {"key": "title", "hash": "0f5dd8362af695e08e34e9e2c852fdae"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "07d97c3d39ac89c670a6e1b4410fb980bc642f319ab9c712e57f23300aaf09c2", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1099"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2466.NASL", "FEDORA_2012-3321.NASL", "FEDORA_2012-3166.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2466-1:8AFE9"]}, {"type": "openvas", "idList": ["OPENVAS:71345", "OPENVAS:136141256231071345", "OPENVAS:1361412562310864348", "OPENVAS:1361412562310864435", "OPENVAS:1361412562310863769", "OPENVAS:864348", "OPENVAS:864435", "OPENVAS:863769", "OPENVAS:864039", "OPENVAS:1361412562310864039"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28074", "SECURITYVULNS:VULN:12377"]}], "modified": "2019-02-21T01:16:22"}, "score": {"value": 5.2, "vector": "NONE", "modified": "2019-02-21T01:16:22"}, "vulnersScore": 5.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3355.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58371);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n\n script_name(english:\"Fedora 15 : rubygem-actionpack-3.0.5-6.fc15 (2012-3355)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1099 for F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa31baaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rubygem-actionpack-3.0.5-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "58371", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "scheme": null}
{"cve": [{"lastseen": "2019-08-09T12:17:02", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.", "modified": "2019-08-08T15:42:00", "id": "CVE-2012-1099", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1099", "published": "2012-03-13T10:55:00", "title": "CVE-2012-1099", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-24T12:50:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update to rails\nannounced via advisory DSA 2466-1.", "modified": "2017-07-07T00:00:00", "published": "2012-05-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71345", "id": "OPENVAS:71345", "title": "Debian Security Advisory DSA 2466-1 (rails)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2466_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2466-1 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sergey Nartimov discovered that in Rails, a Ruby based framework for\nweb development, when developers generate html options tags manually,\nuser input concatenated with manually built tags may not be escaped\nand an attacker can inject arbitrary HTML into the document.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 2.3.14.\n\nWe recommend that you upgrade your rails packages.\";\ntag_summary = \"The remote host is missing an update to rails\nannounced via advisory DSA 2466-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202466-1\";\n\nif(description)\n{\n script_id(71345);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-1099\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:44:05 -0400 (Thu, 31 May 2012)\");\n script_name(\"Debian Security Advisory DSA 2466-1 (rails)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activeresource\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2.3.14.1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:01", "bulletinFamily": "scanner", "description": "The remote host is missing an update to rails\nannounced via advisory DSA 2466-1.", "modified": "2019-03-18T00:00:00", "published": "2012-05-31T00:00:00", "id": "OPENVAS:136141256231071345", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071345", "title": "Debian Security Advisory DSA 2466-1 (rails)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2466_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2466-1 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71345\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-1099\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:44:05 -0400 (Thu, 31 May 2012)\");\n script_name(\"Debian Security Advisory DSA 2466-1 (rails)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202466-1\");\n script_tag(name:\"insight\", value:\"Sergey Nartimov discovered that in Rails, a Ruby based framework for\nweb development, when developers generate html options tags manually,\nuser input concatenated with manually built tags may not be escaped\nand an attacker can inject arbitrary HTML into the document.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 2.3.14.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your rails packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to rails\nannounced via advisory DSA 2466-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activeresource\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2.3.14.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-03-19T00:00:00", "id": "OPENVAS:1361412562310863769", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863769", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-3321", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-3321\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863769\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:14:49 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-3321\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-3321\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-06T13:07:22", "bulletinFamily": "scanner", "description": "Check for the Version of rubygem-actionpack", "modified": "2018-01-05T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864348", "id": "OPENVAS:864348", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3166", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3166\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 17\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075079.html\");\n script_id(864348);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:31 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-3166\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3166\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-08T12:57:44", "bulletinFamily": "scanner", "description": "Check for the Version of rubygem-activesupport", "modified": "2018-01-08T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864435", "id": "OPENVAS:864435", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-3166", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-3166\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-activesupport on Fedora 17\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075080.html\");\n script_id(864435);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:38 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-3166\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-3166\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.11~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:56:20", "bulletinFamily": "scanner", "description": "Check for the Version of rubygem-activesupport", "modified": "2017-12-27T00:00:00", "published": "2012-03-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863769", "id": "OPENVAS:863769", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-3321", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-3321\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-activesupport on Fedora 16\";\ntag_insight = \"Utility library which carries commonly used classes and\n goodies from the Rails framework\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\");\n script_id(863769);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:14:49 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-3321\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-3321\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-activesupport\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.10~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864435", "title": "Fedora Update for rubygem-activesupport FEDORA-2012-3166", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2012-3166\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075080.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864435\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:38 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-3166\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2012-3166\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~3.0.11~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864348", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864348", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3166", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3166\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075079.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864348\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:31 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-3166\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3166\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.11~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310864039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864039", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3355", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3355\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864039\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:04:22 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1099\", \"CVE-2011-4319\", \"CVE-2011-2197\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-3355\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3355\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.5~6.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-18T11:06:57", "bulletinFamily": "scanner", "description": "Check for the Version of rubygem-actionpack", "modified": "2018-01-17T00:00:00", "published": "2012-03-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863810", "id": "OPENVAS:863810", "title": "Fedora Update for rubygem-actionpack FEDORA-2012-3321", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2012-3321\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rubygem-actionpack on Fedora 16\";\ntag_insight = \"Eases web-request routing, handling, and response as a half-way front,\n half-way page controller. Implemented with specific emphasis on enabling easy\n unit/integration testing that doesn't require a browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075676.html\");\n script_id(863810);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:19:11 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\", \"CVE-2011-4319\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-3321\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2012-3321\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rubygem-actionpack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~3.0.10~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2466-1 security@debian.org\r\nhttp://www.debian.org/security/ Thijs Kinkhorst\r\nMay 09, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : rails\r\nVulnerability : cross site scripting\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-1099\r\nDebian Bug : 668607\r\n\r\nSergey Nartimov discovered that in Rails, a Ruby based framework for\r\nweb development, when developers generate html options tags manually,\r\nuser input concatenated with manually built tags may not be escaped\r\nand an attacker can inject arbitrary HTML into the document.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 2.3.5-1.2+squeeze3.\r\n\r\nFor the testing distribution (wheezy) and unstable distribution (sid),\r\nthis problem has been fixed in version 2.3.14.\r\n\r\nWe recommend that you upgrade your rails packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJPqqmUAAoJEOxfUAG2iX576TAIANWp4utpgGLj6hVuNsrmuYOo\r\nfIxOW0nJDhoDfAUglXZvjkTFP/4z241H9L9MeG0MuSQL0mIbZ3yp8tg8MONWtfUJ\r\nl9TPPucCMukRBNZXAGcL3Q3VQcQDTRVZygDdEE6h7ZCQnXyYYFGaE9XyKpE4iMwQ\r\nZBxIs3rITS1nqUSGRJqQOXXTA/UsEAAmeTtrwXz0CJuxlml/poFAhiGwVE/WmzyR\r\n06bxelDxSklEpPB9TBCsDNOwIBkNEb5rL+0WkM4C4VZ7A1oKdxougNZhs+QNWxXI\r\nNup7Wm0XpykwvR6b7n5iWjnO8ACL2eS9p/sivKqIRwcmMzwyFBzJMHKrGE7IFOQ=\r\n=0qiE\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-05-14T00:00:00", "published": "2012-05-14T00:00:00", "id": "SECURITYVULNS:DOC:28074", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28074", "title": "[SECURITY] [DSA 2466-1] rails security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2012-05-14T00:00:00", "published": "2012-05-14T00:00:00", "id": "SECURITYVULNS:VULN:12377", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12377", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:16:40", "bulletinFamily": "scanner", "description": "Sergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate html options tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2466.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59060", "published": "2012-05-10T00:00:00", "title": "Debian DSA-2466-1 : rails - XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2466. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59060);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"DSA\", value:\"2466\");\n\n script_name(english:\"Debian DSA-2466-1 : rails - XSS\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sergey Nartimov discovered that in Rails, a Ruby based framework for\nweb development, when developers generate html options tags manually,\nuser input concatenated with manually built tags may not be escaped\nand an attacker can inject arbitrary HTML into the document.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2466\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rails packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-doc\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-ruby1.8\", reference:\"2.3.5-1.2+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:13", "bulletinFamily": "scanner", "description": "Fixes CVE-2012-1098 and CVE-2012-1099 for Fedora 17.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-3166.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58311", "published": "2012-03-12T00:00:00", "title": "Fedora 17 : rubygem-actionpack-3.0.11-2.fc17 / rubygem-activesupport-3.0.11-3.fc17 (2012-3166)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3166.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58311);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3166\");\n\n script_name(english:\"Fedora 17 : rubygem-actionpack-3.0.11-2.fc17 / rubygem-activesupport-3.0.11-3.fc17 (2012-3166)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1098 and CVE-2012-1099 for Fedora 17.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075079.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ba41141\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075080.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82076733\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack and / or rubygem-activesupport\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-actionpack-3.0.11-2.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-activesupport-3.0.11-3.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activesupport\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:22", "bulletinFamily": "scanner", "description": "Fixes CVE-2012-1098 and CVE-2012-1099 for Fedora 16.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-3321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58369", "published": "2012-03-19T00:00:00", "title": "Fedora 16 : rubygem-actionpack-3.0.10-3.fc16 / rubygem-activesupport-3.0.10-2.fc16 (2012-3321)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-3321.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58369);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-1098\", \"CVE-2012-1099\");\n script_bugtraq_id(52264);\n script_xref(name:\"FEDORA\", value:\"2012-3321\");\n\n script_name(english:\"Fedora 16 : rubygem-actionpack-3.0.10-3.fc16 / rubygem-activesupport-3.0.10-2.fc16 (2012-3321)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2012-1098 and CVE-2012-1099 for Fedora 16.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06cdfc66\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075676.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ef2cd14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack and / or rubygem-activesupport\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-actionpack-3.0.10-3.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"rubygem-activesupport-3.0.10-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activesupport\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:23:10", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2466-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMay 09, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nVulnerability : cross site scripting\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-1099\nDebian Bug : 668607\n\nSergey Nartimov discovered that in Rails, a Ruby based framework for\nweb development, when developers generate html options tags manually,\nuser input concatenated with manually built tags may not be escaped\nand an attacker can inject arbitrary HTML into the document.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 2.3.14.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-05-09T17:31:21", "published": "2012-05-09T17:31:21", "id": "DEBIAN:DSA-2466-1:8AFE9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00101.html", "title": "[SECURITY] [DSA 2466-1] rails security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
