CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
70.6%
The remote host is missing an update to rubygem-actionpack
announced via advisory FEDORA-2009-9922.
Note: This VT has been deprecated and is therefore no longer functional.
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.64968");
script_version("2024-10-10T07:25:31+0000");
script_tag(name:"last_modification", value:"2024-10-10 07:25:31 +0000 (Thu, 10 Oct 2024)");
script_tag(name:"creation_date", value:"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)");
script_cve_id("CVE-2009-3009");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_name("Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 E-Soft Inc.");
script_family("Fedora Local Security Checks");
script_tag(name:"insight", value:"Update Information:
A vulnerability is found on Ruby on Rails in the escaping code for the form
helpers, which also affects the rpms shipped in Fedora Project. Attackers who
can inject deliberately malformed unicode strings into the form helpers can
defeat the escaping checks and inject arbitrary HTML. This issue has been tagged
as CVE-2009-3009. These new rpms will fix this issue.
ChangeLog:
* Wed Sep 23 2009 Mamoru Tasaka - 2.3.3-2
- Patch for CVE-2009-3009 (bug 520843)");
script_tag(name:"solution", value:"Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update rubygem-actionpack' at the command line.");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9922");
script_tag(name:"summary", value:"The remote host is missing an update to rubygem-actionpack
announced via advisory FEDORA-2009-9922.
Note: This VT has been deprecated and is therefore no longer functional.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=520843");
script_tag(name:"deprecated", value:TRUE);
exit(0);
}
exit(66);