Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rubygemsRubySecRUBY:ACTIVESUPPORT-2013-1856-91451
HistoryMar 18, 2013 - 8:00 p.m.

XML Parsing Vulnerability affecting JRuby users

2013-03-1820:00:00
RubySec
nvd.nist.gov
13

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

JSON

The ActiveSupport XML parsing functionality supports multiple
pluggable backends. One backend supported for JRuby users is
ActiveSupport::XmlMini_JDOM which makes use of the
javax.xml.parsers.DocumentBuilder class. In some JVM configurations
the default settings of that class can allow an attacker to construct
XML which, when parsed, will contain the contents of arbitrary URLs
including files from the application server. They may also allow for
various denial of service attacks. Action Pack

Affected configurations

Vulners
Node
rubyactivesupportRange3.1.0–3.1.12
OR
rubyactivesupportRange≀3.2.13
VendorProductVersionCPE
rubyactivesupport*cpe:2.3:a:ruby:activesupport:*:*:*:*:*:*:*:*

Related

seebug 1
osv 1
nessus 6
gitlab 1
cve 1
cvelist 1
github 1
ubuntucve 1
nvd 1
debiancve 1
prion 1
openvas 6
fedora 2
freebsd 1
threatpost 1
gentoo 1
securityvulns 2
seebug
seebug
Ruby on Rails XMLθ§£ζžθΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž(CVE-2013-1856)
2013-03-20 00:00:00
osv
osv
activesupport Improper Input Validation vulnerability
2017-10-24 18:33:37
nessus
nessus
Fedora 18 : rubygem-activesupport-3.2.8-3.fc18 (2013-4198)
2013-04-01 00:00:00
Fedora 17 : rubygem-activesupport-3.0.11-9.fc17 (2013-4130)
2013-04-01 00:00:00
FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)
2013-04-12 00:00:00
gitlab
gitlab
XML Parsing Vulnerability affecting JRuby users
2013-03-19 00:00:00
cve
cve
CVE-2013-1856
2013-03-19 22:55:01
cvelist
cvelist
CVE-2013-1856
2013-03-19 22:00:00
github
github
activesupport Improper Input Validation vulnerability
2017-10-24 18:33:37
ubuntucve
ubuntucve
CVE-2013-1856
2013-03-19 00:00:00
nvd
nvd
CVE-2013-1856
2013-03-19 22:55:01
debiancve
debiancve
CVE-2013-1856
2013-03-19 22:55:01
prion
prion
Design/Logic Flaw
2013-03-19 22:55:00
openvas
openvas
Fedora Update for rubygem-activesupport FEDORA-2013-4198
2013-04-02 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-4198
2013-04-02 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-4130
2013-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activesupport-3.2.8-3.fc18
2013-03-30 21:27:44
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-9.fc17
2013-03-30 21:30:40
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-03-18 00:00:00
threatpost
threatpost
Ruby on Rails Patches DoS, XSS Vulnerabilities
2013-03-19 16:31:57
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
securityvulns
securityvulns
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002
2013-06-17 00:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

JSON
Related for RUBY:ACTIVESUPPORT-2013-1856-91451
seebug1osv1nessus6gitlab1cve1cvelist1github1ubuntucve1nvd1debiancve1prion1openvas6fedora2freebsd1threatpost1gentoo1securityvulns2