Lucene search

K
openvasCopyright (C) 2009 E-Soft Inc.OPENVAS:136141256231064968
HistorySep 28, 2009 - 12:00 a.m.

Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)

2009-09-2800:00:00
Copyright (C) 2009 E-Soft Inc.
plugins.openvas.org
16

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

70.6%

The remote host is missing an update to rubygem-actionpack
announced via advisory FEDORA-2009-9922.
Note: This VT has been deprecated and is therefore no longer functional.

# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.64968");
  script_version("2024-10-10T07:25:31+0000");
  script_tag(name:"last_modification", value:"2024-10-10 07:25:31 +0000 (Thu, 10 Oct 2024)");
  script_tag(name:"creation_date", value:"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)");
  script_cve_id("CVE-2009-3009");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 E-Soft Inc.");
  script_family("Fedora Local Security Checks");
  script_tag(name:"insight", value:"Update Information:

A vulnerability is found on Ruby on Rails in the escaping code for the form
helpers, which also affects the rpms shipped in Fedora Project. Attackers who
can inject deliberately malformed unicode strings into the form helpers can
defeat the escaping checks and inject arbitrary HTML. This issue has been tagged
as CVE-2009-3009.    These new rpms will fix this issue.

ChangeLog:

  * Wed Sep 23 2009 Mamoru Tasaka  - 2.3.3-2

  - Patch for CVE-2009-3009 (bug 520843)");
  script_tag(name:"solution", value:"Apply the appropriate updates.

This update can be installed with the yum update program.  Use
su -c 'yum update rubygem-actionpack' at the command line.");

  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9922");
  script_tag(name:"summary", value:"The remote host is missing an update to rubygem-actionpack
announced via advisory FEDORA-2009-9922.
Note: This VT has been deprecated and is therefore no longer functional.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=520843");

  script_tag(name:"deprecated", value:TRUE);

exit(0);
}

exit(66);

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

70.6%