Lucene search

[email protected]CVE-2013-6414

HistoryDec 07, 2013 - 12:55 a.m.

CVE-2013-6414

2013-12-0700:55:03

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-6414

ruby on rails

remote attack

denial of service

memory consumption

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.173 Low

EPSS

Percentile

96.1%

JSON

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.

Affected configurations

NVD

Node

rubyonrailsrailsRange≤4.0.1-

rubyonrailsrailsMatch4.0.0-

rubyonrailsrailsMatch4.0.0beta

rubyonrailsrailsMatch4.0.0rc1

rubyonrailsrailsMatch4.0.0rc2

rubyonrailsrailsMatch4.0.1rc1

Node

rubyonrailsrailsMatch3.0.0

rubyonrailsrailsMatch3.0.0beta

rubyonrailsrailsMatch3.0.0beta2

rubyonrailsrailsMatch3.0.0beta3

rubyonrailsrailsMatch3.0.0beta4

rubyonrailsrailsMatch3.0.0rc

rubyonrailsrailsMatch3.0.0rc2

rubyonrailsrailsMatch3.0.1

rubyonrailsrailsMatch3.0.1pre

rubyonrailsrailsMatch3.0.2

rubyonrailsrailsMatch3.0.2pre

rubyonrailsrailsMatch3.0.3

rubyonrailsrailsMatch3.0.4rc1

rubyonrailsrailsMatch3.0.5

rubyonrailsrailsMatch3.0.5rc1

rubyonrailsrailsMatch3.0.6

rubyonrailsrailsMatch3.0.6rc1

rubyonrailsrailsMatch3.0.6rc2

rubyonrailsrailsMatch3.0.7

rubyonrailsrailsMatch3.0.7rc1

rubyonrailsrailsMatch3.0.7rc2

rubyonrailsrailsMatch3.0.8

rubyonrailsrailsMatch3.0.8rc1

rubyonrailsrailsMatch3.0.8rc2

rubyonrailsrailsMatch3.0.8rc3

rubyonrailsrailsMatch3.0.8rc4

rubyonrailsrailsMatch3.0.9

rubyonrailsrailsMatch3.0.9rc1

rubyonrailsrailsMatch3.0.9rc2

rubyonrailsrailsMatch3.0.9rc3

rubyonrailsrailsMatch3.0.9rc4

rubyonrailsrailsMatch3.0.9rc5

rubyonrailsrailsMatch3.0.10

rubyonrailsrailsMatch3.0.10rc1

rubyonrailsrailsMatch3.0.11

rubyonrailsrailsMatch3.0.12

rubyonrailsrailsMatch3.0.12rc1

rubyonrailsrailsMatch3.0.13

rubyonrailsrailsMatch3.0.13rc1

rubyonrailsrailsMatch3.0.14

rubyonrailsrailsMatch3.0.16

rubyonrailsrailsMatch3.0.17

rubyonrailsrailsMatch3.0.18

rubyonrailsrailsMatch3.0.19

rubyonrailsrailsMatch3.0.20

rubyonrailsrailsMatch3.1.0

rubyonrailsrailsMatch3.1.0beta1

rubyonrailsrailsMatch3.1.0rc1

rubyonrailsrailsMatch3.1.0rc2

rubyonrailsrailsMatch3.1.0rc3

rubyonrailsrailsMatch3.1.0rc4

rubyonrailsrailsMatch3.1.0rc5

rubyonrailsrailsMatch3.1.0rc6

rubyonrailsrailsMatch3.1.0rc7

rubyonrailsrailsMatch3.1.0rc8

rubyonrailsrailsMatch3.1.1

rubyonrailsrailsMatch3.1.1rc1

rubyonrailsrailsMatch3.1.1rc2

rubyonrailsrailsMatch3.1.1rc3

rubyonrailsrailsMatch3.1.2

rubyonrailsrailsMatch3.1.2rc1

rubyonrailsrailsMatch3.1.2rc2

rubyonrailsrailsMatch3.1.3

rubyonrailsrailsMatch3.1.4

rubyonrailsrailsMatch3.1.4rc1

rubyonrailsrailsMatch3.1.5

rubyonrailsrailsMatch3.1.5rc1

rubyonrailsrailsMatch3.1.6

rubyonrailsrailsMatch3.1.7

rubyonrailsrailsMatch3.1.8

rubyonrailsrailsMatch3.1.9

rubyonrailsrailsMatch3.1.10

rubyonrailsrailsMatch3.2.0

rubyonrailsrailsMatch3.2.0rc1

rubyonrailsrailsMatch3.2.0rc2

rubyonrailsrailsMatch3.2.1

rubyonrailsrailsMatch3.2.2

rubyonrailsrailsMatch3.2.2rc1

rubyonrailsrailsMatch3.2.3

rubyonrailsrailsMatch3.2.3rc1

rubyonrailsrailsMatch3.2.3rc2

rubyonrailsrailsMatch3.2.4

rubyonrailsrailsMatch3.2.4rc1

rubyonrailsrailsMatch3.2.5

rubyonrailsrailsMatch3.2.6

rubyonrailsrailsMatch3.2.7

rubyonrailsrailsMatch3.2.8

rubyonrailsrailsMatch3.2.9

rubyonrailsrailsMatch3.2.10

rubyonrailsrailsMatch3.2.11

rubyonrailsrailsMatch3.2.12

rubyonrailsrailsMatch3.2.13

rubyonrailsrailsMatch3.2.13rc1

rubyonrailsrailsMatch3.2.13rc2

rubyonrailsruby_on_railsRange≤3.2.15

rubyonrailsruby_on_railsMatch3.0.4

rubyonrailsruby_on_railsMatch3.1.11

rubyonrailsruby_on_railsMatch3.2.14

rubyonrailsruby_on_railsMatch3.2.14rc1

rubyonrailsruby_on_railsMatch3.2.14rc2

rubyonrailsruby_on_railsMatch3.2.15rc1

rubyonrailsruby_on_railsMatch3.2.15rc2

CPENameOperatorVersion
rubyonrails:railsrubyonrails railsle4.0.1
rubyonrails:railsrubyonrails railseq4.0.0

CPE	Name	Operator	Version
rubyonrails:rails	rubyonrails rails	le	4.0.1
rubyonrails:rails	rubyonrails rails	eq	4.0.0

References

lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

rhn.redhat.com/errata/RHSA-2013-1794.html

rhn.redhat.com/errata/RHSA-2014-0008.html

rhn.redhat.com/errata/RHSA-2014-1863.html

secunia.com/advisories/57836

weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

www.debian.org/security/2014/dsa-2888

www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ

puppet.com/security/cve/cve-2013-6414

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.173 Low

EPSS

Percentile

96.1%

JSON

Related for CVE-2013-6414

prion1 gitlab1 osv1 github1 nvd1 ubuntucve1 cvelist1 debiancve1 openvas13 redhat3 securityvulns2 freebsd1 nessus10 debian1 fedora7