FreeBSD Local Security Checks : FreeBSD Ports: rubygem-rails

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.71507

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: rubygem-rails

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

rubygem-rails, rubygem-actionpack, rubygem-activesupport

CVE-2012-3463
Cross-site scripting (XSS) vulnerability in
actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails
3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows
remote attackers to inject arbitrary web script or HTML via the prompt
field to the select_tag helper.
CVE-2012-3464
Cross-site scripting (XSS) vulnerability in
activesupport/lib/active_support/core_ext/string/output_safety.rb in
Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before
3.2.8 might allow remote attackers to inject arbitrary web script or
HTML via vectors involving a ' (quote) character.
CVE-2012-3465
Cross-site scripting (XSS) vulnerability in
actionpack/lib/action_view/helpers/sanitize_helper.rb in the
strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8,
and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web
script or HTML via malformed HTML markup.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3463
https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
RedHat Security Advisories: RHSA-2013:0154
http://rhn.redhat.com/errata/RHSA-2013-0154.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3464
https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
http://secunia.com/advisories/50694
Common Vulnerability Exposure (CVE) ID: CVE-2012-3465
https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.71507
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: rubygem-rails
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: rubygem-rails, rubygem-actionpack, rubygem-activesupport CVE-2012-3463 Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper. CVE-2012-3464 Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character. CVE-2012-3465 Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3463 https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain RedHat Security Advisories: RHSA-2013:0154 http://rhn.redhat.com/errata/RHSA-2013-0154.html Common Vulnerability Exposure (CVE) ID: CVE-2012-3464 https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain http://secunia.com/advisories/50694 Common Vulnerability Exposure (CVE) ID: CVE-2012-3465 https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
Copyright	Copyright (C) 2012 E-Soft Inc.