7 matches found
FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)
Ruby on Rails team reports : Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed : - CVE-2013-1854 Symbol DoS vulnerability in Active Record - CVE-2013-185...
Fedora Update for rubygem-activesupport FEDORA-2013-4130
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for rubygem-activesupport FEDORA-2013-4130
Check for the Version of rubygem-activesupport OpenVAS Vulnerability Test Fedora Update for rubygem-activesupport FEDORA-2013-4130 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Fedora Update for rubygem-activesupport FEDORA-2013-4198
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Ruby on Rails XML解析远程拒绝服务漏洞(CVE-2013-1856)
BUGTRAQ ID: 58554 CVECAN ID: CVE-2013-1856 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 3.0.0及之后版本在使用JRuby时,ActiveSupport XML解析器的JDOM后端内存在漏洞,攻击者可利用此漏洞造成拒绝服务或访问应用服务器上的文件。 0 Ruby on Rails 3.x Ruby on Rails 2.x 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁:...
CVE-2013-1856
The ActiveSupport::XmlMiniJDOM backend in lib/activesupport/xmlmini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...
CVE-2013-1856
CVE-2013-1856 affects the ActiveSupport XML parser backend (XMLMini_JDOM) in Ruby on Rails’ Active Support. Specifically, JRuby users of Rails 3.0.x and 3.1.x before 3.1.12 and Rails 3.2.x before 3.2.13 have an XML parsing vulnerability that can allow a remote attacker to read arbitrary files or ...