Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-1002.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : rubygem-i18n / rubygem-i18n-0_6 (openSUSE-SU-2013:1930-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.9%
This update fixes the following security issue with rubygem-i18n :
- fix bnc#854166: CVE-2013-4492: rubygem-i18n: missing translation XSS. File CVE-2013-4492.patch.i18n.0.6.x contains the fix.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-1002.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(74862);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2013-4492");
script_name(english:"openSUSE Security Update : rubygem-i18n / rubygem-i18n-0_6 (openSUSE-SU-2013:1930-1)");
script_summary(english:"Check for the openSUSE-2013-1002 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes the following security issue with rubygem-i18n :
- fix bnc#854166: CVE-2013-4492: rubygem-i18n: missing
translation XSS. File CVE-2013-4492.patch.i18n.0.6.x
contains the fix."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=854166"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected rubygem-i18n / rubygem-i18n-0_6 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-i18n");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-i18n-0_6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-i18n-0_6-testsuite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-i18n-testsuite");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"patch_publication_date", value:"2013/12/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2|SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3 / 13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.2", reference:"rubygem-i18n-0_6-0.6.0-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"rubygem-i18n-0_6-testsuite-0.6.0-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"rubygem-i18n-0.6.1-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"rubygem-i18n-testsuite-0.6.1-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"rubygem-i18n-0.6.4-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"rubygem-i18n-testsuite-0.6.4-2.4.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rubygem-i18n-0_6 / rubygem-i18n-0_6-testsuite / rubygem-i18n / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | rubygem-i18n | p-cpe:/a:novell:opensuse:rubygem-i18n |
| novell | opensuse | rubygem-i18n-0_6 | p-cpe:/a:novell:opensuse:rubygem-i18n-0_6 |
| novell | opensuse | rubygem-i18n-0_6-testsuite | p-cpe:/a:novell:opensuse:rubygem-i18n-0_6-testsuite |
| novell | opensuse | rubygem-i18n-testsuite | p-cpe:/a:novell:opensuse:rubygem-i18n-testsuite |
| novell | opensuse | 12.2 | cpe:/o:novell:opensuse:12.2 |
| novell | opensuse | 12.3 | cpe:/o:novell:opensuse:12.3 |
| novell | opensuse | 13.1 | cpe:/o:novell:opensuse:13.1 |
Related
nessus
nessus
Fedora 19 : rubygem-i18n-0.6.1-4.fc19 (2013-23062)
2013-12-20 00:00:00
Fedora 18 : rubygem-i18n-0.6.0-2.fc18 (2013-23068)
2013-12-20 00:00:00
Debian DSA-2830-1 : ruby-i18n - XSS
2014-01-02 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2830-1)
2013-12-29 00:00:00
Fedora Update for rubygem-i18n FEDORA-2013-23062
2013-12-23 00:00:00
Fedora Update for rubygem-i18n FEDORA-2013-23062
2013-12-23 00:00:00
debian
debian
[SECURITY] [DSA 2830-1] ruby-i18n security update
2013-12-30 22:19:50
debiancve
debiancve
CVE-2013-4492
2013-12-07 00:55:03
cve
cve
CVE-2013-4492
2013-12-07 00:55:03
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-i18n-0.6.0-2.fc18
2013-12-19 07:04:40
[SECURITY] Fedora 20 Update: rubygem-i18n-0.6.4-3.fc20
2013-12-19 07:08:05
[SECURITY] Fedora 19 Update: rubygem-i18n-0.6.1-4.fc19
2013-12-19 07:05:51
ubuntucve
ubuntucve
CVE-2013-4492
2013-12-07 00:00:00
osv
osv
ruby-i18n - cross-site scripting
2013-12-30 00:00:00
i18n gem Cross-site Scripting vulnerability
2017-10-24 18:33:37
cvelist
cvelist
CVE-2013-4492
2013-12-07 00:00:00
github
github
i18n gem Cross-site Scripting vulnerability
2017-10-24 18:33:37
mageia
mageia
Updated ruby-i18n package fixes security vulnerability
2014-01-21 20:12:37
securityvulns
securityvulns
[SECURITY] [DSA 2830-1] ruby-i18n security update
2014-01-08 00:00:00
Different Ruby gems security vulnerabilities
2014-05-04 00:00:00
nvd
nvd
CVE-2013-4492
2013-12-07 00:55:03
prion
prion
Cross site scripting
2013-12-07 00:55:00
rubygems
rubygems
Reflective XSS Vulnerability in Ruby on Rails
2013-12-02 20:00:00
redhat
redhat
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.9%
Related for OPENSUSE-2013-1002.NASL