 |
Inicial ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles Site
Analyzer ▼
Inicial
Análisis Avanzado
Análisis Estándar
Análisis Básico
Resumen de Precios/Funciones
Ordenar
Preguntas Frecuentes
Ejecutar Análisis Reportes Ver Cola Recordatorio | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.702604 |
| Categoría: | Debian Local Security Checks |
| Título: | Debian Security Advisory DSA 2604-1 (rails - insufficient input validation) |
| Resumen: | It was discovered that Rails, the Ruby web application development;framework, performed insufficient validation on input parameters,;allowing unintended type conversions. An attacker may use this to;bypass authentication systems, inject arbitrary SQL, inject and;execute arbitrary code, or perform a DoS attack on the application. |
| Descripción: | Summary: It was discovered that Rails, the Ruby web application development framework, performed insufficient validation on input parameters, allowing unintended type conversions. An attacker may use this to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on the application. Affected Software/OS: rails on Debian Linux Solution: For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze4.1. For the testing distribution (wheezy) and unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your rails packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-0156 http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html CERT/CC vulnerability note: VU#380039 http://www.kb.cert.org/vuls/id/380039 CERT/CC vulnerability note: VU#628463 http://www.kb.cert.org/vuls/id/628463 Debian Security Information: DSA-2604 (Google Search) http://www.debian.org/security/2013/dsa-2604 http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A http://www.insinuator.net/2013/01/rails-yaml/ https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156 https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain RedHat Security Advisories: RHSA-2013:0153 http://rhn.redhat.com/errata/RHSA-2013-0153.html RedHat Security Advisories: RHSA-2013:0154 http://rhn.redhat.com/errata/RHSA-2013-0154.html RedHat Security Advisories: RHSA-2013:0155 http://rhn.redhat.com/errata/RHSA-2013-0155.html |
| Copyright | Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net |
| Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |