Debian DSA-1652-1 : ruby1.9 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe...

Debian DSA-1651-1 : ruby1.8 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe...

USN-651-1: Ruby vulnerabilities

Akira Tagoh discovered a vulnerability in Ruby which lead to an integer overflow. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service CPU consumption via an XML document with recursively nested...

CVE-2008-3790

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service CPU consumption via an XML document with recursively nested entities, aka an "XML entity explosion."...

CVE-2008-3790

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service CPU consumption via an XML document with recursively nested entities, aka an "XML entity explosion."...

CVE-2008-3790

CVE-2008-3790 details Affected software: Ruby (versions 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9). Vulnerable component: REXML module. Root cause/impact: XML entity explosion in XML documents enables context-dependent attackers to cause a denial of service (CPU consumption). Exp...

CVE-2008-3790

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service CPU consumption via an XML document with recursively nested entities, aka an "XML entity explosion."...

Ruby REXML库远程拒绝服务漏洞

BUGTRAQ ID: 30802 Ruby是一种功能强大的面向对象的脚本语言。 Ruby使用REXML库解析入站的XML请求，如果用户受骗访问了恶意网页的话，攻击者就可以使用一种称为XML实体爆炸（entity explosion）的技术远程关闭任何解析XML的应用程序，包括Ruby和Ruby on Rails。 Yukihiro Matsumoto Ruby 1.9.x Yukihiro Matsumoto Ruby 1.8.x Yukihiro Matsumoto ------------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2008-3790 ruby: DoS vulnerability in the REXML module

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service CPU consumption via an XML document with recursively nested entities, aka an "XML entity explosion...

Ruby 1.9 - REXML Remote Denial of Service

source: https://www.securityfocus.com/bid/30802/info Ruby is prone to a remote denial-of-service vulnerability in its REXML module. Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable module. Versions up to and including Rub...

Ruby 1.9 - REXML Remote Denial of Service

Ruby 1.9 - REXML Remote Denial of Service source: https://www.securityfocus.com/bid/30802/info Ruby is prone to a remote denial-of-service vulnerability in its REXML module. Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerabl...