Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702655
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2655-1 (rails - several vulnerabilities)
Summary:Several cross-site-scripting and denial of service vulnerabilities;were discovered in Ruby on Rails, a Ruby framework for web application;development.
Description:Summary:
Several cross-site-scripting and denial of service vulnerabilities
were discovered in Ruby on Rails, a Ruby framework for web application
development.

Affected Software/OS:
rails on Debian Linux

Solution:
For the stable distribution (squeeze), these problems have been fixed in
version 2.3.5-1.2+squeeze8.

For the testing distribution (wheezy) and the unstable distribution (sid),
these problems have been fixed in the version 3.2.6-5 of
ruby-activerecord-3.2, version 2.3.14-6 of ruby-activerecord-2.3,
version 2.3.14-7 of ruby-activesupport-2.3, version 3.2.6-6 of
ruby-actionpack-3.2 and in version 2.3.14-5 of ruby-actionpack-2.3.

We recommend that you upgrade your rails packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-1854
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain
RedHat Security Advisories: RHSA-2013:0699
http://rhn.redhat.com/errata/RHSA-2013-0699.html
RedHat Security Advisories: RHSA-2014:1863
http://rhn.redhat.com/errata/RHSA-2014-1863.html
SuSE Security Announcement: openSUSE-SU-2013:0659 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html
SuSE Security Announcement: openSUSE-SU-2013:0660 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html
SuSE Security Announcement: openSUSE-SU-2013:0664 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html
SuSE Security Announcement: openSUSE-SU-2013:0667 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html
SuSE Security Announcement: openSUSE-SU-2013:0668 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3465
https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
RedHat Security Advisories: RHSA-2013:0154
http://rhn.redhat.com/errata/RHSA-2013-0154.html
http://secunia.com/advisories/50694
Common Vulnerability Exposure (CVE) ID: CVE-2013-1855
https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain
RedHat Security Advisories: RHSA-2013:0698
http://rhn.redhat.com/errata/RHSA-2013-0698.html
SuSE Security Announcement: openSUSE-SU-2013:0661 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
SuSE Security Announcement: openSUSE-SU-2013:0662 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
SuSE Security Announcement: openSUSE-SU-2014:0019 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2932
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html
http://www.openwall.com/lists/oss-security/2011/08/17/1
http://www.openwall.com/lists/oss-security/2011/08/19/11
http://www.openwall.com/lists/oss-security/2011/08/20/1
http://www.openwall.com/lists/oss-security/2011/08/22/13
http://www.openwall.com/lists/oss-security/2011/08/22/14
http://www.openwall.com/lists/oss-security/2011/08/22/5
http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain
http://secunia.com/advisories/45917
Common Vulnerability Exposure (CVE) ID: CVE-2013-1857
https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain
Common Vulnerability Exposure (CVE) ID: CVE-2012-3464
https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.