Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310865339HistoryFeb 11, 2013 - 12:00 a.m.
Fedora Update for rubygem-activesupport FEDORA-2013-1710
2013-02-1100:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
26
9.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098535.html");
script_oid("1.3.6.1.4.1.25623.1.0.865339");
script_version("2023-06-21T05:06:23+0000");
script_tag(name:"last_modification", value:"2023-06-21 05:06:23 +0000 (Wed, 21 Jun 2023)");
script_tag(name:"creation_date", value:"2013-02-11 10:14:19 +0530 (Mon, 11 Feb 2013)");
script_cve_id("CVE-2013-0333", "CVE-2013-0156", "CVE-2012-3464");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name:"FEDORA", value:"2013-1710");
script_name("Fedora Update for rubygem-activesupport FEDORA-2013-1710");
script_tag(name:"summary", value:"The remote host is missing an update for the 'rubygem-activesupport'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC17");
script_tag(name:"affected", value:"rubygem-activesupport on Fedora 17");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC17")
{
if ((res = isrpmvuln(pkg:"rubygem-activesupport", rpm:"rubygem-activesupport~3.0.11~8.fc17", rls:"FC17")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
openvas
openvas
Fedora Update for rubygem-activesupport FEDORA-2013-1710
2013-02-11 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-4130
2013-04-02 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-4130
2013-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-8.fc17
2013-02-10 04:38:36
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-6.fc16
2013-02-10 04:28:15
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-9.fc17
2013-03-30 21:30:40
osv
osv
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
activesupport Cross-site Scripting vulnerability
2017-10-24 18:33:37
rails - insufficient input validation
2013-01-09 00:00:00
cert
cert
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
veracode
veracode
threatpost
threatpost
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
2013-01-29 17:47:51
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
2013-01-10 15:01:40
Ruby on Rails Exploit Harvests IRC Botnet
2013-05-28 18:56:05
packetstorm
packetstorm
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-01-29 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
nessus
nessus
Mac OS X : OS X Server < 2.2.1 Multiple Vulnerabilities
2013-02-05 00:00:00
Fedora 16 : rubygem-activesupport-3.0.10-4.fc16 (2012-11880)
2012-08-23 00:00:00
Fedora 17 : rubygem-activesupport-3.0.11-6.fc17 (2012-11888)
2012-08-23 00:00:00
cve
cve
ubuntucve
ubuntucve
prion
prion
Sql injection
2013-01-30 12:00:00
Cross site scripting
2012-08-10 10:34:00
Type confusion
2013-01-13 22:55:00
debiancve
debiancve
github
github
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
activesupport Cross-site Scripting vulnerability
2017-10-24 18:33:37
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
rubygems
rubygems
CVE-2013-0333 rubygem-activesupport: json to yaml parsing
2013-01-27 20:00:00
CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
2012-08-08 20:00:00
checkpoint_advisories
checkpoint_advisories
debian
debian
[SECURITY] [DSA 2613-1] rails security update
2013-01-30 07:33:38
[SECURITY] [DLA 172-1] libextlib-ruby security update
2015-03-14 19:01:22
[SECURITY] [DSA 2604-1] rails security update
2013-01-09 19:17:20
seebug
seebug
Ruby on Rails 'convert_json_to_yaml()'ćšćłĺŽĺ
¨ćźć´
2013-01-30 00:00:00
Ruby on Rails XML Processor YAML Deserialization Code Execution
2014-07-01 00:00:00
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-02-03 00:00:00
suse
suse
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
gitlab
gitlab
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
2013-01-30 00:00:00
Potential XSS Vulnerability in Ruby on Rails
2012-08-10 00:00:00
Multiple vulnerabilities in parameter parsing in Action Pack
2013-01-13 00:00:00
redhat
redhat
(RHSA-2013:0201) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0202) Critical: rubygem-activesupport security update
2013-01-28 00:00:00
(RHSA-2013:0153) Critical: Ruby on Rails security update
2013-01-10 00:00:00
metasploit
metasploit
Ruby on Rails XML Processor YAML Deserialization Code Execution
2013-01-10 05:10:13
Ruby on Rails JSON Processor YAML Deserialization Scanner
2013-02-11 22:48:44
Ruby on Rails XML Processor YAML Deserialization Scanner
2013-01-09 18:50:38
securityvulns
securityvulns
[SECURITY] [DSA 2613-1] rails security update
2013-02-04 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-04 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-03-24 00:00:00
zdt
zdt
Action Pack Multiple Vulnerabilities
2013-01-09 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
kitploit
kitploit
saint
saint
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
thn
thn
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-31 03:53:00
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-30 16:53:00
exploitdb
exploitdb
ics
ics
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-01-08 00:00:00
rubygem-rails -- multiple vulnerabilities
2012-08-08 00:00:00
puppet27 and puppet -- multiple vulnerabilities
2013-03-13 00:00:00
nmap
nmap
http-vuln-cve2013-0156 NSE Script
2013-04-25 03:15:33
9.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Related for OPENVAS:1361412562310865339