Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2011-2929
HistoryAug 29, 2011 - 12:00 a.m.

CVE-2011-2929

2011-08-2900:00:00
ubuntu.com
ubuntu.com
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

80.9%

JSON

The template selection functionality in
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x
before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob
characters, which allows remote attackers to render arbitrary views via a
crafted URL, related to a “filter skipping vulnerability.”

Notes

Author Note
mdeslaur only affects 3.x

Related

debiancve 1
github 1
cve 1
osv 1
prion 1
gitlab 1
nessus 3
openvas 19
fedora 9
gentoo 1
debiancve
debiancve
CVE-2011-2929
2011-08-29 18:55:00
github
github
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
cve
cve
CVE-2011-2929
2011-08-29 18:55:00
osv
osv
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
prion
prion
Spoofing
2011-08-29 18:55:00
gitlab
gitlab
Improper Input Validation
2017-10-24 00:00:00
nessus
nessus
Fedora 15 : rubygem-actionpack-3.0.5-4.fc15 (2011-11572)
2011-09-07 00:00:00
Fedora 16 : rubygem-actionmailer-3.0.10-1.fc16 / rubygem-actionpack-3.0.10-1.fc16 / etc (2011-11386)
2011-09-07 00:00:00
GLSA-201412-28 : Ruby on Rails: Multiple vulnerabilities
2014-12-15 00:00:00
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2011-11572
2011-09-12 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2011-11572
2011-09-12 00:00:00
Fedora Update for rubygem-actionmailer FEDORA-2011-11386
2012-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-4.fc15
2011-09-07 00:07:54
[SECURITY] Fedora 16 Update: rubygem-activerecord-3.0.10-1.fc16
2011-09-07 03:23:00
[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-1.fc16
2011-09-07 03:23:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

80.9%

JSON
Related for UB:CVE-2011-2929
debiancve1github1cve1osv1prion1gitlab1nessus3openvas19fedora9gentoo1