Ruby on Rails Active Record SQL Injection Vulnerability (Linux)
2016-10-13T00:00:00
ID OPENVAS:1361412562310807378 Type openvas Reporter Copyright (C) 2016 Greenbone Networks GmbH Modified 2019-07-05T00:00:00
Description
This host is running Ruby on Rails and is
prone to an SQL injection vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
#
# Ruby on Rails Active Record SQL Injection Vulnerability (Linux)
#
# Authors:
# Antu Sanadi <santu@secpod.com>
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# CPE used by the port and version lookups further down; presumably the
# identifier under which secpod_ruby_rails_detect.nasl (see
# script_dependencies) records a detected Rails instance - confirm there.
CPE = 'cpe:/a:rubyonrails:ruby_on_rails';
# Metadata section: registers the plugin's identifiers, scoring, descriptive
# text and prerequisites, then exits before any detection logic runs.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.807378");
script_version("2019-07-05T10:16:38+0000");
script_cve_id("CVE-2016-6317");
script_bugtraq_id(92434);
# CVSS v2 base vector: reachable over the network, low complexity, no
# authentication, partial integrity impact only (C:N/I:P/A:N).
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_tag(name:"last_modification", value:"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)");
script_tag(name:"creation_date", value:"2016-10-13 14:29:38 +0530 (Thu, 13 Oct 2016)");
# Quality of detection: the verdict rests on a remotely observed version
# string, which cannot rule out vendor backports. Treat a hit as a lead to
# confirm against the installed package's patch level, not as proof.
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_name("Ruby on Rails Active Record SQL Injection Vulnerability (Linux)");
script_tag(name:"summary", value:"This host is running Ruby on Rails and is
prone to SQL injection vulnerability.");
# Detection is a version comparison only; the flaw itself is never exercised.
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
# NOTE(review): the insight below describes unsafe query generation
# (unexpected 'IS NULL' or empty WHERE clauses), which matches the
# integrity-only CVSS vector; the "SQL Injection" title is broader than that.
script_tag(name:"insight", value:"The flaw is due to the way Active Record
interprets parameters in combination with the way that JSON parameters are
parsed, it is possible for an attacker to issue unexpected database queries
with 'IS NULL' or empty where clauses.");
script_tag(name:"impact", value:"Successful exploitation will allow a remote
attacker to bypass intended database-query restrictions and perform NULL checks
or trigger missing WHERE clauses via a crafted request, as demonstrated by
certain '[nil]' values.");
# Affected range and fix; the version check below must stay in step with
# these two tags (4.2.x before 4.2.7.1, fixed in 4.2.7.1).
script_tag(name:"affected", value:"Ruby on Rails 4.2.x before 4.2.7.1 on Linux");
script_tag(name:"solution", value:"Upgrade to Ruby on Rails 4.2.7.1 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www.openwall.com/lists/oss-security/2016/08/11/4");
script_xref(name:"URL", value:"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA");
script_xref(name:"URL", value:"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released");
# ACT_GATHER_INFO: an information-gathering check; the code after this
# section only looks up a port and version and compares strings.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
script_family("Web application abuses");
# Prerequisites: the Rails detection and OS detection scripts run first, and
# both knowledge-base keys must be set. "Host/runs_unixoide" presumably marks
# a Unix-like host, matching the "(Linux)" in the title - confirm in
# os_detection.nasl.
script_dependencies("secpod_ruby_rails_detect.nasl", "os_detection.nasl");
script_mandatory_keys("RubyOnRails/installed", "Host/runs_unixoide");
# Candidate ports: any detected web service, plus 3000.
script_require_ports("Services/www", 3000);
# End of the metadata section; nothing below runs in description mode.
exit(0);
}
include("version_func.inc");
include("host_details.inc");
# Look up the port on which a Rails instance was recorded for this CPE.
# Without one there is nothing to evaluate, so the script ends quietly.
railsPort = get_app_port(cpe:CPE);
if(!railsPort)
{
  exit(0);
}

# Fetch the version string recorded for that port. The verdict below rests
# entirely on this string: a package that backports the fix while keeping a
# 4.2.x version number would still be reported, so confirm the real patch
# level before acting on a hit.
railsVer = get_app_version(cpe:CPE, port:railsPort);
if(!railsVer)
{
  exit(0);
}

# Affected range per the "affected" tag: 4.2.x before 4.2.7.1, expressed as
# the inclusive range 4.2.0 .. 4.2.7.0.
# NOTE(review): how pre-release strings (rc/beta suffixes) sort inside this
# range depends on version_in_range() - confirm in version_func.inc.
isAffected = version_in_range(version:railsVer, test_version:"4.2.0", test_version2:"4.2.7.0");
if(isAffected)
{
  # Report the installed version alongside the first fixed release.
  security_message(data:report_fixed_ver(installed_version:railsVer, fixed_version:"4.2.7.1"), port:railsPort);
  exit(0);
}
{"id": "OPENVAS:1361412562310807378", "bulletinFamily": "scanner", "title": "Ruby on Rails Active Record SQL Injection Vulnerability (Linux)", "description": "This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.", "published": "2016-10-13T00:00:00", "modified": "2019-07-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807378", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "http://www.openwall.com/lists/oss-security/2016/08/11/4", "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"], "cvelist": ["CVE-2016-6317"], "type": "openvas", "lastseen": "2019-07-17T14:25:42", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-6317"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.", "edition": 6, "enchantments": {"dependencies": {"modified": "2018-10-11T12:36:46", "references": [{"idList": ["FREEBSD_PKG_7E61CF44654911E6828600248C0C745D.NASL", "FEDORA_2016-5760339E76.NASL", "FEDORA_2016-B4919FFE56.NASL", "FEDORA_2016-F58D7ECC8A.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310809163", "OPENVAS:1361412562310871890", "OPENVAS:1361412562310807377", "OPENVAS:1361412562310809159", "OPENVAS:1361412562310872011", "OPENVAS:1361412562310809161", "OPENVAS:1361412562310872008", "OPENVAS:1361412562310872056", "OPENVAS:1361412562310809167", "OPENVAS:1361412562310872094"], "type": "openvas"}, {"idList": ["H1:139321"], "type": "hackerone"}, {"idList": ["CVE-2016-6317"], "type": "cve"}, {"idList": ["RHSA-2016:1855"], "type": "redhat"}, {"idList": ["7E61CF44-6549-11E6-8286-00248C0C745D"], "type": "freebsd"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": 
"523f298b884593809fe438e67f5a7e87e8a4a9bdcaabf79b014ab82d86172ad4", "hashmap": [{"hash": "5a8b427c85fc28c29cc762052f43aa3d", "key": "description"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "bcd8abde7f060a8789d08ba0ba73d345", "key": "published"}, {"hash": "c9c8d39315c77932a9b5173e23d4dcf3", "key": "pluginID"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "9bd5dcfcb227d4b92eae337f2ff06a78", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1f55505d74f3aaa5dd7068ab31cf6f62", "key": "href"}, {"hash": "741c9f66525d6ebe8c438c6cfe9d2630", "key": "sourceData"}, {"hash": "a396c37e785aedd996daef45aca71fb5", "key": "title"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "9de2a2ebc98eafd4b1ee02eedf3fdea0", "key": "references"}, {"hash": "5c2fb6abefa4b019bd1c0af856180f2b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807378", "id": "OPENVAS:1361412562310807378", "lastseen": "2018-10-11T12:36:46", "modified": "2018-10-10T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310807378", "published": "2016-10-13T00:00:00", "references": ["http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "http://rubyonrails.org", "http://www.openwall.com/lists/oss-security/2016/08/11/4", "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ruby_on_rails_action_record_sql_inj_vuln_lin.nasl 11811 2018-10-10 09:55:00Z asteins $\n#\n# Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# 
Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:rubyonrails:ruby_on_rails';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807378\");\n script_version(\"$Revision: 11811 $\");\n script_cve_id(\"CVE-2016-6317\");\n script_bugtraq_id(92434);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-10 11:55:00 +0200 (Wed, 10 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:38 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the way Active Record\n interprets parameters in combination with the way that JSON parameters are\n parsed, it is possible for an attacker to issue unexpected 
database queries\n with 'IS NULL' or empty where clauses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to bypass intended database-query restrictions and perform NULL checks\n or trigger missing WHERE clauses via a crafted request, as demonstrated by\n certain '[nil]' values.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 4.2.x before 4.2.7.1 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 4.2.7.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/08/11/4\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\");\n script_xref(name:\"URL\", value:\"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_ruby_rails_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"RubyOnRails/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 3000);\n script_xref(name:\"URL\", value:\"http://rubyonrails.org\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!RubyonRailPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!RubyonRailVer = get_app_version(cpe:CPE, port:RubyonRailPort)){\n exit(0);\n}\n\nif(version_in_range(version:RubyonRailVer, test_version:\"4.2.0\", test_version2:\"4.2.7.0\"))\n{\n report = report_fixed_ver(installed_version:RubyonRailVer, fixed_version:\"4.2.7.1\");\n security_message(data:report, port:RubyonRailPort);\n exit(0);\n}", "title": "Ruby on Rails Active Record SQL Injection Vulnerability (Linux)", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 6, "lastseen": 
"2018-10-11T12:36:46"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-6317"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "description": "This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-05-29T18:35:25", "references": [{"idList": ["FREEBSD_PKG_7E61CF44654911E6828600248C0C745D.NASL", "FEDORA_2016-5760339E76.NASL", "FEDORA_2016-B4919FFE56.NASL", "FEDORA_2016-F58D7ECC8A.NASL"], "type": "nessus"}, {"idList": ["H1:139321"], "type": "hackerone"}, {"idList": ["CVE-2016-6317"], "type": "cve"}, {"idList": ["RHSA-2016:1855"], "type": "redhat"}, {"idList": ["OPENVAS:1361412562310809163", "OPENVAS:1361412562310807377", "OPENVAS:1361412562310872047", "OPENVAS:1361412562310809159", "OPENVAS:1361412562310871937", "OPENVAS:1361412562310871965", "OPENVAS:1361412562310872038", "OPENVAS:1361412562310809161", "OPENVAS:1361412562310872056", "OPENVAS:1361412562310809167"], "type": "openvas"}, {"idList": ["7E61CF44-6549-11E6-8286-00248C0C745D"], "type": "freebsd"}]}, "score": {"modified": "2019-05-29T18:35:25", "value": 5.8, "vector": "NONE"}}, "hash": "75de80e6e1cd8b974367cfcfe9120c4c4c66d508e7d092de3b351ac646bde3a0", "hashmap": [{"hash": "5a8b427c85fc28c29cc762052f43aa3d", "key": "description"}, {"hash": "b5bbdd851ff7634dd01c09e00d03be1e", "key": "cvss"}, {"hash": "bcd8abde7f060a8789d08ba0ba73d345", "key": "published"}, {"hash": "c9c8d39315c77932a9b5173e23d4dcf3", "key": "pluginID"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "9bd5dcfcb227d4b92eae337f2ff06a78", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1f55505d74f3aaa5dd7068ab31cf6f62", "key": "href"}, {"hash": "741c9f66525d6ebe8c438c6cfe9d2630", "key": "sourceData"}, {"hash": "a396c37e785aedd996daef45aca71fb5", "key": "title"}, {"hash": 
"ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "9de2a2ebc98eafd4b1ee02eedf3fdea0", "key": "references"}, {"hash": "5c2fb6abefa4b019bd1c0af856180f2b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807378", "id": "OPENVAS:1361412562310807378", "lastseen": "2019-05-29T18:35:25", "modified": "2018-10-10T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310807378", "published": "2016-10-13T00:00:00", "references": ["http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "http://rubyonrails.org", "http://www.openwall.com/lists/oss-security/2016/08/11/4", "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ruby_on_rails_action_record_sql_inj_vuln_lin.nasl 11811 2018-10-10 09:55:00Z asteins $\n#\n# Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:rubyonrails:ruby_on_rails';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807378\");\n script_version(\"$Revision: 11811 $\");\n script_cve_id(\"CVE-2016-6317\");\n script_bugtraq_id(92434);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-10 11:55:00 +0200 (Wed, 10 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:38 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the way Active Record\n interprets parameters in combination with the way that JSON parameters are\n parsed, it is possible for an attacker to issue unexpected database queries\n with 'IS NULL' or empty where clauses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to bypass intended database-query restrictions and perform NULL checks\n or trigger missing WHERE clauses via a crafted request, as demonstrated by\n certain '[nil]' values.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 4.2.x before 4.2.7.1 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 
4.2.7.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/08/11/4\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\");\n script_xref(name:\"URL\", value:\"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_ruby_rails_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"RubyOnRails/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 3000);\n script_xref(name:\"URL\", value:\"http://rubyonrails.org\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!RubyonRailPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!RubyonRailVer = get_app_version(cpe:CPE, port:RubyonRailPort)){\n exit(0);\n}\n\nif(version_in_range(version:RubyonRailVer, test_version:\"4.2.0\", test_version2:\"4.2.7.0\"))\n{\n report = report_fixed_ver(installed_version:RubyonRailVer, fixed_version:\"4.2.7.1\");\n security_message(data:report, port:RubyonRailPort);\n exit(0);\n}", "title": "Ruby on Rails Active Record SQL Injection Vulnerability (Linux)", "type": "openvas", "viewCount": 1}, "differentElements": ["references", "modified", "sourceData"], "edition": 7, "lastseen": "2019-05-29T18:35:25"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-6317"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d24f99b24ef03faab7f81cb4e4c3df9255fa3bfe0cf5d55cf01991588935efe4", "hashmap": [{"hash": "5a8b427c85fc28c29cc762052f43aa3d", "key": 
"description"}, {"hash": "c5bb34af05c207ad0795b24b339835fb", "key": "modified"}, {"hash": "bcd8abde7f060a8789d08ba0ba73d345", "key": "published"}, {"hash": "c9c8d39315c77932a9b5173e23d4dcf3", "key": "pluginID"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1f55505d74f3aaa5dd7068ab31cf6f62", "key": "href"}, {"hash": "42f59352167dc1dca0f7500bb165cf4c", "key": "sourceData"}, {"hash": "a396c37e785aedd996daef45aca71fb5", "key": "title"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "2d1f501cf925df4b9ddcbbec739d6940", "key": "references"}, {"hash": "5c2fb6abefa4b019bd1c0af856180f2b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807378", "id": "OPENVAS:1361412562310807378", "lastseen": "2018-08-30T19:21:10", "modified": "2017-10-24T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310807378", "published": "2016-10-13T00:00:00", "references": ["http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "http://www.openwall.com/lists/oss-security/2016/08/11/4", "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ruby_on_rails_action_record_sql_inj_vuln_lin.nasl 7545 2017-10-24 11:45:30Z cfischer $\n#\n# Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# 
it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:rubyonrails:ruby_on_rails';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807378\");\n script_version(\"$Revision: 7545 $\");\n script_cve_id(\"CVE-2016-6317\");\n script_bugtraq_id(92434);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:45:30 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:38 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the way Active Record\n interprets parameters in combination with the way that JSON parameters are\n parsed, it is possible for an attacker to issue unexpected database queries\n with 'IS NULL' or empty where clauses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation 
will allow a remote\n attacker to bypass intended database-query restrictions and perform NULL checks\n or trigger missing WHERE clauses via a crafted request, as demonstrated by\n certain '[nil]' values.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 4.2.x before 4.2.7.1 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 4.2.7.1 or later.\n For updates refer to http://rubyonrails.org\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2016/08/11/4\");\n script_xref(name : \"URL\" , value : \"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\");\n script_xref(name : \"URL\" , value : \"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_ruby_rails_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"RubyOnRails/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 3000);\n exit(0);\n}\n\n\n##\n### Code Starts Here\n##\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\nRubyonRailPort = \"\";\nRubyonRailVer = \"\";\n\n## Get HTTP Port\nif(!RubyonRailPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get the version\nif(!RubyonRailVer = get_app_version(cpe:CPE, port:RubyonRailPort)){\n exit(0);\n}\n\n##Check for vulnerable version\nif(version_in_range(version:RubyonRailVer, test_version:\"4.2.0\", test_version2:\"4.2.7.0\"))\n{\n report = report_fixed_ver(installed_version:RubyonRailVer, fixed_version:\"4.2.7.1\");\n security_message(data:report, port:RubyonRailPort);\n exit(0);\n}", "title": "Ruby on Rails Active Record SQL Injection Vulnerability (Linux)", "type": "openvas", 
"viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:21:10"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-6317"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "8a44cc1b2a8d71709698157a31358e3eb33c0eff2baa8d178df7a6d016904213", "hashmap": [{"hash": "5a8b427c85fc28c29cc762052f43aa3d", "key": "description"}, {"hash": "c5bb34af05c207ad0795b24b339835fb", "key": "modified"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "bcd8abde7f060a8789d08ba0ba73d345", "key": "published"}, {"hash": "c9c8d39315c77932a9b5173e23d4dcf3", "key": "pluginID"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1f55505d74f3aaa5dd7068ab31cf6f62", "key": "href"}, {"hash": "42f59352167dc1dca0f7500bb165cf4c", "key": "sourceData"}, {"hash": "a396c37e785aedd996daef45aca71fb5", "key": "title"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "2d1f501cf925df4b9ddcbbec739d6940", "key": "references"}, {"hash": "5c2fb6abefa4b019bd1c0af856180f2b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807378", "id": "OPENVAS:1361412562310807378", "lastseen": "2018-09-01T23:47:08", "modified": "2017-10-24T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310807378", "published": "2016-10-13T00:00:00", "references": ["http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "http://www.openwall.com/lists/oss-security/2016/08/11/4", 
"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ruby_on_rails_action_record_sql_inj_vuln_lin.nasl 7545 2017-10-24 11:45:30Z cfischer $\n#\n# Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:rubyonrails:ruby_on_rails';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807378\");\n script_version(\"$Revision: 7545 $\");\n script_cve_id(\"CVE-2016-6317\");\n script_bugtraq_id(92434);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:45:30 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:38 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Active Record SQL Injection 
Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the way Active Record\n interprets parameters in combination with the way that JSON parameters are\n parsed, it is possible for an attacker to issue unexpected database queries\n with 'IS NULL' or empty where clauses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to bypass intended database-query restrictions and perform NULL checks\n or trigger missing WHERE clauses via a crafted request, as demonstrated by\n certain '[nil]' values.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 4.2.x before 4.2.7.1 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 4.2.7.1 or later.\n For updates refer to http://rubyonrails.org\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2016/08/11/4\");\n script_xref(name : \"URL\" , value : \"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\");\n script_xref(name : \"URL\" , value : \"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_ruby_rails_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"RubyOnRails/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 3000);\n exit(0);\n}\n\n\n##\n### Code Starts 
Here\n##\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\nRubyonRailPort = \"\";\nRubyonRailVer = \"\";\n\n## Get HTTP Port\nif(!RubyonRailPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get the version\nif(!RubyonRailVer = get_app_version(cpe:CPE, port:RubyonRailPort)){\n exit(0);\n}\n\n##Check for vulnerable version\nif(version_in_range(version:RubyonRailVer, test_version:\"4.2.0\", test_version2:\"4.2.7.0\"))\n{\n report = report_fixed_ver(installed_version:RubyonRailVer, fixed_version:\"4.2.7.1\");\n security_message(data:report, port:RubyonRailPort);\n exit(0);\n}", "title": "Ruby on Rails Active Record SQL Injection Vulnerability (Linux)", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:47:08"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-6317"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.", "edition": 1, "enchantments": {}, "hash": "0d1803139b293038f78eec9bb7aee1ea7b5d864e052a0893fa8a481f9fd3b5fe", "hashmap": [{"hash": "5a8b427c85fc28c29cc762052f43aa3d", "key": "description"}, {"hash": "5f53274497eca880e417806017fc98d3", "key": "sourceData"}, {"hash": "7d0606d422b7f815cc8a157fb6d33530", "key": "modified"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "bcd8abde7f060a8789d08ba0ba73d345", "key": "published"}, {"hash": "c9c8d39315c77932a9b5173e23d4dcf3", "key": "pluginID"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1f55505d74f3aaa5dd7068ab31cf6f62", "key": "href"}, {"hash": "a396c37e785aedd996daef45aca71fb5", "key": "title"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": 
"reporter"}, {"hash": "2d1f501cf925df4b9ddcbbec739d6940", "key": "references"}, {"hash": "5c2fb6abefa4b019bd1c0af856180f2b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807378", "id": "OPENVAS:1361412562310807378", "lastseen": "2017-07-02T21:13:08", "modified": "2017-03-21T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310807378", "published": "2016-10-13T00:00:00", "references": ["http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "http://www.openwall.com/lists/oss-security/2016/08/11/4", "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ruby_on_rails_action_record_sql_inj_vuln_lin.nasl 5650 2017-03-21 10:00:45Z teissa $\n#\n# Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:rubyonrails:ruby_on_rails';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807378\");\n script_version(\"$Revision: 5650 $\");\n script_cve_id(\"CVE-2016-6317\");\n script_bugtraq_id(92434);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-21 11:00:45 +0100 (Tue, 21 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:38 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the way Active Record\n interprets parameters in combination with the way that JSON parameters are\n parsed, it is possible for an attacker to issue unexpected database queries\n with 'IS NULL' or empty where clauses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to bypass intended database-query restrictions and perform NULL checks\n or trigger missing WHERE clauses via a crafted request, as demonstrated by\n certain '[nil]' values.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 4.2.x before 4.2.7.1 on 
Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 4.2.7.1 or later.\n For updates refer to http://rubyonrails.org\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2016/08/11/4\");\n script_xref(name : \"URL\" , value : \"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\");\n script_xref(name : \"URL\" , value : \"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_ruby_rails_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"RubyOnRails/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 3000);\n exit(0);\n}\n\n\n##\n### Code Starts Here\n##\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\nRubyonRailPort = \"\";\nRubyonRailVer = \"\";\n\n## exit, if its not Linux\nif(host_runs(\"Linux\") != \"yes\")exit(0);\n\n## Get HTTP Port\nif(!RubyonRailPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get the version\nif(!RubyonRailVer = get_app_version(cpe:CPE, port:RubyonRailPort)){\n exit(0);\n}\n\n##Check for vulnerable version\nif(version_in_range(version:RubyonRailVer, test_version:\"4.2.0\", test_version2:\"4.2.7.0\"))\n{\n report = report_fixed_ver(installed_version:RubyonRailVer, fixed_version:\"4.2.7.1\");\n security_message(data:report, port:RubyonRailPort);\n exit(0);\n}", "title": "Ruby on Rails Active Record SQL Injection Vulnerability (Linux)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:13:08"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": 
"5c2fb6abefa4b019bd1c0af856180f2b"}, {"key": "cvss", "hash": "b5bbdd851ff7634dd01c09e00d03be1e"}, {"key": "description", "hash": "5a8b427c85fc28c29cc762052f43aa3d"}, {"key": "href", "hash": "1f55505d74f3aaa5dd7068ab31cf6f62"}, {"key": "modified", "hash": "49311ac6ce7fdb21c304f9baa288e279"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "c9c8d39315c77932a9b5173e23d4dcf3"}, {"key": "published", "hash": "bcd8abde7f060a8789d08ba0ba73d345"}, {"key": "references", "hash": "2d1f501cf925df4b9ddcbbec739d6940"}, {"key": "reporter", "hash": "ea106ff9c2727a6e906e8959871e7c06"}, {"key": "sourceData", "hash": "6af8f03bb13d336d5050934498bca935"}, {"key": "title", "hash": "a396c37e785aedd996daef45aca71fb5"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "2436629ab85984426e9cdb557f87cb4376b4c09f3190063372b12be7cf851873", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-6317"]}, {"type": "freebsd", "idList": ["7E61CF44-6549-11E6-8286-00248C0C745D"]}, {"type": "nessus", "idList": ["FEDORA_2016-F58D7ECC8A.NASL", "FEDORA_2016-B4919FFE56.NASL", "FEDORA_2016-5760339E76.NASL", "FREEBSD_PKG_7E61CF44654911E6828600248C0C745D.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809163", "OPENVAS:1361412562310809159", "OPENVAS:1361412562310807377", "OPENVAS:1361412562310809167", "OPENVAS:1361412562310809161", "OPENVAS:1361412562310871965", "OPENVAS:1361412562310872008", "OPENVAS:1361412562310872011", "OPENVAS:1361412562310872094", "OPENVAS:1361412562310871981"]}, {"type": "redhat", "idList": ["RHSA-2016:1855"]}, {"type": "hackerone", "idList": ["H1:139321"]}], "modified": "2019-07-17T14:25:42"}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-07-17T14:25:42"}, "vulnersScore": 5.9}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails 
Active Record SQL Injection Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:rubyonrails:ruby_on_rails';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807378\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-6317\");\n script_bugtraq_id(92434);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:38 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Active Record SQL Injection Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the way Active Record\n interprets parameters in combination 
with the way that JSON parameters are\n parsed, it is possible for an attacker to issue unexpected database queries\n with 'IS NULL' or empty where clauses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to bypass intended database-query restrictions and perform NULL checks\n or trigger missing WHERE clauses via a crafted request, as demonstrated by\n certain '[nil]' values.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 4.2.x before 4.2.7.1 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 4.2.7.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/08/11/4\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\");\n script_xref(name:\"URL\", value:\"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_ruby_rails_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"RubyOnRails/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 3000);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!RubyonRailPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!RubyonRailVer = get_app_version(cpe:CPE, port:RubyonRailPort)){\n exit(0);\n}\n\nif(version_in_range(version:RubyonRailVer, test_version:\"4.2.0\", test_version2:\"4.2.7.0\"))\n{\n report = report_fixed_ver(installed_version:RubyonRailVer, fixed_version:\"4.2.7.1\");\n security_message(data:report, port:RubyonRailPort);\n exit(0);\n}", "naslFamily": "Web application abuses", "pluginID": "1361412562310807378", "scheme": null}
{"cve": [{"lastseen": "2019-08-09T11:50:23", "bulletinFamily": "NVD", "description": "Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.", "modified": "2019-08-08T15:16:00", "id": "CVE-2016-6317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6317", "published": "2016-09-07T19:28:00", "title": "CVE-2016-6317", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:30", "bulletinFamily": "unix", "description": "\nRuby Security team reports:\n\nThere is a vulnerability when Active Record is used in conjunction with JSON\nparameter parsing. This vulnerability has been assigned the CVE identifier\nCVE-2016-6317. 
This vulnerability is similar to CVE-2012-2660, CVE-2012-2694\nand CVE-2013-0155.\n\n", "modified": "2016-08-11T00:00:00", "published": "2016-08-11T00:00:00", "id": "7E61CF44-6549-11E6-8286-00248C0C745D", "href": "https://vuxml.freebsd.org/freebsd/7e61cf44-6549-11e6-8286-00248c0c745d.html", "title": "Rails 4 -- Unsafe Query Generation Risk in Active Record", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-01T02:27:37", "bulletinFamily": "scanner", "description": " - Fix for CVE-2016-6317 (rhbz#1366479)\n\n - Fix argument error for instance_exec for Ruby 2.3\n compatibility (Only rubygem-activerecord f24)\n\n - Improve tests not to accept the failures (Only\n rubygem-activerecord)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2016-F58D7ECC8A.NASL", "href": "https://www.tenable.com/plugins/nessus/93209", "published": "2016-08-30T00:00:00", "title": "Fedora 23 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-f58d7ecc8a)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-f58d7ecc8a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93209);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/09/25 17:12:10\");\n\n script_cve_id(\"CVE-2016-6317\");\n script_xref(name:\"FEDORA\", value:\"2016-f58d7ecc8a\");\n\n script_name(english:\"Fedora 23 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-f58d7ecc8a)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing 
one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix for CVE-2016-6317 (rhbz#1366479)\n\n - Fix argument error for instance_exec for Ruby 2.3\n compatibility (Only rubygem-activerecord f24)\n\n - Improve tests not to accept the failures (Only\n rubygem-activerecord)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-f58d7ecc8a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 1:rubygem-actionpack and / or\n1:rubygem-activerecord packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-actionpack-4.2.3-6.fc23\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-activerecord-4.2.3-3.fc23\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionpack / 1:rubygem-activerecord\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:27:33", "bulletinFamily": "scanner", "description": " - Fix for CVE-2016-6317 (rhbz#1366479)\n\n - Fix argument error for instance_exec for Ruby 2.3\n compatibility (Only rubygem-activerecord f24)\n\n - Improve tests not to accept the failures 
(Only\n rubygem-activerecord)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2016-B4919FFE56.NASL", "href": "https://www.tenable.com/plugins/nessus/93207", "published": "2016-08-30T00:00:00", "title": "Fedora 24 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-b4919ffe56)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-b4919ffe56.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93207);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/09/25 17:12:09\");\n\n script_cve_id(\"CVE-2016-6317\");\n script_xref(name:\"FEDORA\", value:\"2016-b4919ffe56\");\n\n script_name(english:\"Fedora 24 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-b4919ffe56)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix for CVE-2016-6317 (rhbz#1366479)\n\n - Fix argument error for instance_exec for Ruby 2.3\n compatibility (Only rubygem-activerecord f24)\n\n - Improve tests not to accept the failures (Only\n rubygem-activerecord)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4919ffe56\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 1:rubygem-actionpack and / or\n1:rubygem-activerecord packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"rubygem-actionpack-4.2.5.2-3.fc24\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC24\", reference:\"rubygem-activerecord-4.2.5.2-2.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionpack / 1:rubygem-activerecord\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:27:29", "bulletinFamily": "scanner", "description": "Update to Rails 5.0.0.1.\n\nEnable whole test suite in Railties.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2016-5760339E76.NASL", "href": "https://www.tenable.com/plugins/nessus/94808", "published": "2016-11-15T00:00:00", "title": "Fedora 25 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2016-5760339e76)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-5760339e76.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94808);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2019/09/25 
17:12:08\");\n\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n\n script_name(english:\"Fedora 25 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2016-5760339e76)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Rails 5.0.0.1.\n\nEnable whole test suite in Railties.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5760339e76\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actioncable\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actionmailer-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actionpack-5.0.0.1-2.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activerecord-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activesupport-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-rails-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actioncable-5.0.0.1-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actionview-5.0.0.1-2.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activejob-5.0.0.1-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activemodel-5.0.0.1-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-railties-5.0.0.1-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionmailer / 1:rubygem-actionpack / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:38:51", "bulletinFamily": "scanner", "description": "Ruby Security team reports :\n\nThere is a vulnerability when Active Record is used in conjunction\nwith JSON parameter parsing. 
This vulnerability has been assigned the\nCVE identifier CVE-2016-6317. This vulnerability is similar to\nCVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_7E61CF44654911E6828600248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/94082", "published": "2016-10-17T00:00:00", "title": "FreeBSD : Rails 4 -- Unsafe Query Generation Risk in Active Record (7e61cf44-6549-11e6-8286-00248c0c745d)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94082);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:45\");\n\n script_cve_id(\"CVE-2016-6317\");\n\n script_name(english:\"FreeBSD : Rails 4 -- Unsafe Query Generation Risk in Active Record (7e61cf44-6549-11e6-8286-00248c0c745d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby Security team reports :\n\nThere is a vulnerability when Active Record is used in conjunction\nwith JSON parameter parsing. This vulnerability has been assigned the\nCVE identifier CVE-2016-6317. 
This vulnerability is similar to\nCVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\"\n );\n # https://vuxml.freebsd.org/freebsd/7e61cf44-6549-11e6-8286-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e0e8b71\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activerecord4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activerecord4>4.2.0<4.2.7.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'rubygem-activerecord' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2016-08-30T00:00:00", "id": "OPENVAS:1361412562310809163", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809163", "title": "Fedora Update for rubygem-activerecord FEDORA-2016-b4919ffe56", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2016-b4919ffe56\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809163\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:58:39 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2016-b4919ffe56\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b4919ffe56\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIKYQUVSGMREVPYLGJJT4HP353LWQ6AO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~4.2.5.2~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'rubygem-actionpack' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2016-08-30T00:00:00", "id": "OPENVAS:1361412562310809167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809167", "title": "Fedora Update for rubygem-actionpack FEDORA-2016-b4919ffe56", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2016-b4919ffe56\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809167\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:58:34 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2016-b4919ffe56\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b4919ffe56\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJQ6L3R7RUEIDHUMRST4MEHLX46OEGYA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~4.2.5.2~3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'rubygem-actionpack' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2016-08-30T00:00:00", "id": "OPENVAS:1361412562310809161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809161", "title": "Fedora Update for rubygem-actionpack FEDORA-2016-f58d7ecc8a", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2016-f58d7ecc8a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809161\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:58:42 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2016-f58d7ecc8a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-f58d7ecc8a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GETU77G46UPFRZ6VRFIYLMBSLTHSBNU2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~4.2.3~6.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'rubygem-activerecord' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2016-08-30T00:00:00", "id": "OPENVAS:1361412562310809159", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809159", "title": "Fedora Update for rubygem-activerecord FEDORA-2016-f58d7ecc8a", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2016-f58d7ecc8a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809159\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:58:40 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2016-f58d7ecc8a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-f58d7ecc8a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD7IJG75DQXRE7HO34KYAZO53RAZGCOP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~4.2.3~3.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-17T14:26:25", "bulletinFamily": "scanner", "description": "This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.", "modified": "2019-07-05T00:00:00", "published": "2016-10-13T00:00:00", "id": "OPENVAS:1361412562310807377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807377", "title": "Ruby on Rails Active Record SQL Injection Vulnerability (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Active Record SQL Injection Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:rubyonrails:ruby_on_rails';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807377\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-6317\");\n script_bugtraq_id(92434);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:34 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Ruby on Rails Active Record SQL Injection Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the way Active Record\n interprets parameters in combination with the way that JSON parameters are\n parsed, it is possible for an attacker to issue unexpected database queries\n with 'IS NULL' or empty where clauses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to bypass intended database-query restrictions and perform NULL checks\n or trigger missing WHERE clauses via a crafted request, as demonstrated by\n certain '[nil]' values.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 4.2.x before 4.2.7.1 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 4.2.7.1 
or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/08/11/4\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA\");\n script_xref(name:\"URL\", value:\"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_ruby_rails_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"RubyOnRails/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 3000);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!RubyonRailPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!RubyonRailVer = get_app_version(cpe:CPE, port:RubyonRailPort)){\n exit(0);\n}\n\nif(version_in_range(version:RubyonRailVer, test_version:\"4.2.0\", test_version2:\"4.2.7.0\"))\n{\n report = report_fixed_ver(installed_version:RubyonRailVer, fixed_version:\"4.2.7.1\");\n security_message(data:report, port:RubyonRailPort);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'rubygem-activesupport' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871965", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871965", "title": "Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871965\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:21:49 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRQYAVBWV4UNQ5XC3LB5L44OYTI3JZ3W\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'rubygem-actionmailer' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872056", "title": "Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872056\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:50 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionmailer'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionmailer on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVDJLLIW67K6FGDQKQEY6EGTKQ7KXRQU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'rubygem-activemodel' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872038", "title": "Fedora Update for rubygem-activemodel FEDORA-2016-5760339e76", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872038\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:19 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activemodel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activemodel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNY6ZLXQZ4GJM4L5Z2JD42S4WMYF75U5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'rubygem-railties' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871937", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871937", "title": "Fedora Update for rubygem-railties FEDORA-2016-5760339e76", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-railties FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871937\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:20:47 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-railties FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-railties'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-railties on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWPXPNMF2BDDQ7AGYMPNOYVDE3BN3RFG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-railties\", rpm:\"rubygem-railties~5.0.0.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872047", "title": "Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872047\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:34 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VQDB7AQ3WT2TSLDMYPYKXIMBJ7KYSJ6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "github": [{"lastseen": "2019-11-21T12:51:12", "bulletinFamily": "software", "description": "Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.", "modified": "2019-07-03T21:01:59", "published": "2017-10-24T18:33:35", "id": "GHSA-PR3R-4WRP-R2PV", "href": "https://github.com/advisories/GHSA-pr3r-4wrp-r2pv", "title": "Moderate severity vulnerability that affects activerecord", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-21T12:51:07", "bulletinFamily": "software", "description": "Withdrawn, accidental duplicate publish.\r\n\r\nActive Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.", "modified": "2019-07-03T21:02:02", "published": 
"2018-08-13T20:49:01", "id": "GHSA-M8H6-M9P5-P2F8", "href": "https://github.com/advisories/GHSA-m8h6-m9p5-p2f8", "title": "Moderate severity vulnerability that affects activerecord", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:58", "bulletinFamily": "unix", "description": "Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action View implements the view component, and Active Record implements the model component.\n\nSecurity Fix(es) in rubygem-actionview:\n\n* It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)\n\nSecurity Fix(es) in rubygem-activerecord:\n\n* A flaw was found in the way Active Record handled certain special values in dynamic finders and relations. If a Ruby on Rails application performed JSON parameter parsing, a remote attacker could possibly manipulate search conditions in SQL queries generated by the application. (CVE-2016-6317)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these issues. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the original reporter of CVE-2016-6316; and joernchen (Phenoelit) as the original reporter of CVE-2016-6317.", "modified": "2018-04-23T11:41:48", "published": "2016-09-13T13:49:49", "id": "RHSA-2016:1855", "href": "https://access.redhat.com/errata/RHSA-2016:1855", "type": "redhat", "title": "(RHSA-2016:1855) Moderate: rh-ror42 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:12", "bulletinFamily": "bugbounty", "bounty": 1500.0, "description": "# Unsafe Query Generation Risk in Active Record \n\nThere is a vulnerability when Active Record is used in conjunction with JSON \nparameter parsing. 
This vulnerability has been assigned the CVE identifier \nCVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 \nand CVE-2013-0155. \n\nVersions Affected: >= 4.2.0 \nNot affected: < 4.2.0, >= 5.0.0 \nFixed Versions: 4.2.7.1 \n\nImpact \n------ \n\nDue to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with \"IS NULL\" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it. \n\nFor example, a system has password reset with token functionality: \n\n unless params[:token].nil? \n user = User.find_by_token(params[:token]) \n user.reset_password! \n end \n\nAn attacker can craft a request such that `params[:token]` will return `[nil]`. The `[nil]` value will bypass the test for nil, but will still add an \"IN ('xyz', NULL)\" clause to the SQL query. \n\nSimilarly, an attacker can craft a request such that `params[:token]` will return an empty hash. An empty hash will eliminate the WHERE clause of the query, but can bypass the `nil?` check. \n\nNote that this impacts not only dynamic finders (`find_by_*`) but also relations (`User.where(:name => params[:name])`). \n\nAll users running an affected release should either upgrade or use one of the workarounds immediately. All users running an affected release should upgrade immediately. Please note, this vulnerability is a variant of CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155. Even if you upgraded to address those issues, you must take action again. \n\nIf this change in behavior impacts your application, you can manually decode the original values from the request like so: \n\n ActiveSupport::JSON.decode(request.body) \n\nReleases \n-------- \nThe FIXED releases are available at the normal locations. 
\n\nWorkarounds \n----------- \nThis problem can be mitigated by casting the parameter to a string before passing it to Active Record. For example: \n\n unless params[:token].nil? || params[:token].to_s.empty? \n user = User.find_by_token(params[:token].to_s) \n user.reset_password! \n end \n\n\nPatches \n------- \nTo aid users who aren't able to upgrade immediately we have provided patches for \nthe two supported release series. They are in git-am format and consist of a \nsingle changeset. \n\n* 4-2-unsafe-query-generation.patch - Patch for 4.2 series \n\nPlease note that only the 5.0.x and 4.2.x series are supported at present. Users \nof earlier unsupported releases are advised to upgrade as soon as possible as we \ncannot guarantee the continued availability of security fixes for unsupported \nreleases. \n\nCredits \n------- \n\nThanks to joernchen of Phenoelit for reporting this!", "modified": "2018-02-07T21:02:19", "published": "2016-05-17T13:38:03", "id": "H1:139321", "href": "https://hackerone.com/reports/139321", "type": "hackerone", "title": "Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}