Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310869062
HistoryMar 06, 2015 - 12:00 a.m.

Fedora Update for rubygem-actionpack FEDORA-2014-15371

2015-03-0600:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
20

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.173 Low

EPSS

Percentile

96.1%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.869062");
  script_version("2023-06-22T10:34:15+0000");
  script_tag(name:"last_modification", value:"2023-06-22 10:34:15 +0000 (Thu, 22 Jun 2023)");
  script_tag(name:"creation_date", value:"2015-03-06 06:47:59 +0100 (Fri, 06 Mar 2015)");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2014-7818", "CVE-2014-7829", "CVE-2014-0130", "CVE-2014-0081",
                "CVE-2013-6414", "CVE-2013-6415", "CVE-2013-6416", "CVE-2013-6417",
                "CVE-2013-4491");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_tag(name:"qod_type", value:"package");
  script_name("Fedora Update for rubygem-actionpack FEDORA-2014-15371");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'rubygem-actionpack'
  package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"affected", value:"rubygem-actionpack on Fedora 20");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_xref(name:"FEDORA", value:"2014-15371");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/150832.html");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC20");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC20")
{

  if ((res = isrpmvuln(pkg:"rubygem-actionpack", rpm:"rubygem-actionpack~4.0.0~5.fc20", rls:"FC20")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Related

fedora 9
openvas 19
nessus 22
freebsd 1
debian 2
securityvulns 6
redhat 8
cve 9
osv 10
github 10
prion 9
cvelist 9
debiancve 8
nvd 9
ubuntucve 9
gitlab 5
hackerone 4
veracode 10
centos 2
myhack58 1
seebug 2
websecuritylog 1
attackerkb 1
cisa_kev 1
rubygems 2
mageia 2
fedora
fedora
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-5.fc20
2015-03-05 12:31:58
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-4.fc20
2014-05-23 18:56:34
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-2.fc20
2014-03-07 06:36:05
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2014-6098
2014-05-26 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2014-3169
2014-03-12 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2014-3169
2014-03-12 00:00:00
nessus
nessus
FreeBSD : rails -- multiple vulnerabilities (6a806960-3016-44ed-8575-8614a7cb57c7)
2013-12-09 00:00:00
Fedora 20 : rubygem-actionpack-4.0.0-2.fc20 (2013-23636)
2014-03-07 00:00:00
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1906-1)
2014-06-13 00:00:00
freebsd
freebsd
rails -- multiple vulnerabilities
2013-12-03 00:00:00
debian
debian
[SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update
2014-03-27 15:04:16
[SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update
2014-05-16 08:15:07
securityvulns
securityvulns
Ruby Actionpack / Actionmailer multiple security vulnerabilities
2014-05-04 00:00:00
[SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update
2014-05-04 00:00:00
[SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update
2014-06-14 00:00:00
redhat
redhat
(RHSA-2014:0008) Important: ruby193-rubygem-actionpack security update
2014-01-06 00:00:00
(RHSA-2013:1794) Important: ruby193-rubygem-actionpack security update
2013-12-05 00:00:00
(RHSA-2014:1863) Important: Subscription Asset Manager 1.4 security update
2014-11-17 00:00:00
cve
cve
CVE-2014-7829
2014-11-18 23:59:03
CVE-2013-6415
2013-12-07 00:55:03
CVE-2013-6414
2013-12-07 00:55:03
osv
osv
Directory traversal vulnerability in actionpack
2017-10-24 18:33:36
actionpack vulnerable to Path Traversal
2017-10-24 18:33:36
ruby-actionpack-3.2 - security update
2014-05-16 00:00:00
github
github
Directory traversal vulnerability in actionpack
2017-10-24 18:33:36
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:36
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
prion
prion
Directory traversal
2014-11-18 23:59:00
Cross site scripting
2013-12-07 00:55:00
Directory traversal
2014-11-08 11:55:00
cvelist
cvelist
CVE-2014-7829
2014-11-18 23:00:00
CVE-2013-6414
2013-12-07 00:00:00
CVE-2013-6415
2013-12-07 00:00:00
debiancve
debiancve
CVE-2014-7829
2014-11-18 23:59:03
CVE-2013-6414
2013-12-07 00:55:03
CVE-2013-6415
2013-12-07 00:55:03
nvd
nvd
CVE-2014-7829
2014-11-18 23:59:03
CVE-2013-6416
2013-12-07 00:55:03
CVE-2014-7818
2014-11-08 11:55:02
ubuntucve
ubuntucve
CVE-2014-7829
2014-11-18 00:00:00
CVE-2013-6414
2013-12-07 00:00:00
CVE-2013-6416
2013-12-07 00:00:00
gitlab
gitlab
XSS Vulnerability in simple_format helper
2013-12-06 00:00:00
XSS Vulnerability in number_to_currency
2013-12-06 00:00:00
Improper Input Validation
2013-12-07 00:00:00
hackerone
hackerone
Ruby on Rails: Arbitrary file existence disclosure in Action Pack
2014-11-04 00:00:00
Upserve : reports.breadcrumb.com is vulnerable for Arbitrary file existence disclosur CVE-2014-7829
2018-03-23 15:22:41
New Relic: newrelic.com rails directory traversal vuln
2016-04-23 13:23:49
veracode
veracode
Directory Traversal When Route Globbing Configurations Are Enabled
2019-01-15 08:55:13
Cross-site Scripting (XSS)
2019-01-15 08:52:53
Multiple Cross-site Scripting (XSS) Vulnerabilities
2019-01-15 08:58:42
centos
centos
ruby193 security update
2014-05-21 17:54:02
ruby193 security update
2014-03-17 21:55:16
myhack58
myhack58
Ruby on Rails remote code execution vulnerability analysis (CVE-2 0 1 6-0 7 5 2)-vulnerability warning-the black bar safety net
2016-01-29 00:00:00
seebug
seebug
Ruby on Rails 'implicit render' functionality Directory Traversal Vulnerability (CVE-2014-0130)
2017-04-28 00:00:00
Rails Dynamic Render θΏœη¨‹ε‘½δ»€ζ‰§θ‘ŒζΌζ΄ž (CVE-2016-0752)
2016-01-27 00:00:00
websecuritylog
websecuritylog
Facebook Web Security Bug Bounty: Directory Traversal Vulnerability / RCE In Parse.com
2014-10-20 08:32:00
attackerkb
attackerkb
CVE-2014-0130
2014-05-07 00:00:00
cisa_kev
cisa_kev
Ruby on Rails Directory Traversal Vulnerability
2022-03-25 00:00:00
rubygems
rubygems
Arbitrary file existence disclosure in Action Pack
2014-11-16 21:00:00
CVE-2014-0081 rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
2014-02-17 20:00:00
mageia
mageia
Updated ruby-rails and associated packages fix multiple vulnerabilities
2014-04-24 23:02:23
Updated ruby-actionpack packages fix security issues
2014-07-26 17:09:43

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.173 Low

EPSS

Percentile

96.1%

JSON
Related for OPENVAS:1361412562310869062
fedora9openvas19nessus22freebsd1debian2securityvulns6redhat8cve9osv10github10prion9cvelist9debiancve8nvd9ubuntucve9gitlab5hackerone4veracode10centos2myhack581seebug2websecuritylog1attackerkb1cisa_kev1rubygems2mageia2