Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20445
HistoryApr 08, 2011 - 12:00 a.m.

Ruby on Rails跨站脚本执行及跨站请求伪造漏洞

2011-04-0800:00:00
Root
www.seebug.org
25

0.004 Low

EPSS

Percentile

73.1%

JSON

BUGTRAQ ID: 46291
CVE ID: CVE-2011-0446,CVE-2011-0447

Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。

Ruby on Rails在实现上存在跨站脚本执行和跨站请求伪造漏洞,攻击者可利用跨站脚本执行漏洞在受影响浏览器中执行任意脚本代码,窃取Cookie验证凭证。

Ruby on Rails Ruby on Rails 3.x
Ruby on Rails Ruby on Rails 2.x
Ruby on Rails Ruby on Rails 1.x
厂商补丁:

Ruby on Rails

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.rubyonrails.com/

Related

osv 5
openvas 13
nessus 8
fedora 11
securityvulns 2
debian 1
cve 3
nvd 3
debiancve 3
github 3
gitlab 4
cvelist 3
prion 3
ubuntucve 3
gentoo 1
osv
osv
rails - several vulnerabilities
2011-05-31 00:00:00
Rails actionpack gem vulnerable to Cross-site Scripting
2017-10-24 18:33:38
Moderate severity vulnerability that affects django
2018-07-23 19:51:10
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2011-2138
2011-03-08 00:00:00
Debian Security Advisory DSA 2247-1 (rails)
2011-08-03 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2011-2133
2011-03-08 00:00:00
nessus
nessus
Debian DSA-2247-1 : rails - several vulnerabilities
2011-06-10 00:00:00
Fedora 13 : rubygem-actionpack-2.3.5-4.fc13 (2011-2138)
2011-03-07 00:00:00
Fedora 14 : rubygem-actionpack-2.3.8-3.fc14 (2011-2133)
2011-03-07 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: rubygem-actionpack-2.3.5-4.fc13
2011-03-05 02:42:18
[SECURITY] Fedora 14 Update: rubygem-actionpack-2.3.8-3.fc14
2011-03-05 02:39:03
[SECURITY] Fedora 15 Update: rubygem-activesupport-3.0.5-1.fc15
2011-04-05 21:43:08
securityvulns
securityvulns
[SECURITY] [DSA 2247-1] rails security update
2011-06-02 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-06-02 00:00:00
debian
debian
[SECURITY] [DSA 2247-1] rails security update
2011-05-31 19:04:22
cve
cve
CVE-2011-0446
2011-02-14 21:00:03
CVE-2011-0447
2011-02-14 21:00:03
CVE-2011-0696
2011-02-14 21:00:03
nvd
nvd
CVE-2011-0446
2011-02-14 21:00:03
CVE-2011-0696
2011-02-14 21:00:03
CVE-2011-0447
2011-02-14 21:00:03
debiancve
debiancve
CVE-2011-0446
2011-02-14 21:00:03
CVE-2011-0447
2011-02-14 21:00:03
CVE-2011-0696
2011-02-14 21:00:03
github
github
Rails actionpack gem vulnerable to Cross-site Scripting
2017-10-24 18:33:38
actionpack Cross-Site Request Forgery vulnerability
2017-10-24 18:33:38
Cross-site request forgery in Django
2018-07-23 19:51:10
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2017-10-24 00:00:00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2017-10-24 00:00:00
Cross-Site Request Forgery
2018-07-23 00:00:00
cvelist
cvelist
CVE-2011-0446
2011-02-14 20:00:00
CVE-2011-0696
2011-02-14 20:00:00
CVE-2011-0447
2011-02-14 20:00:00
prion
prion
Cross site scripting
2011-02-14 21:00:00
Cross site request forgery (csrf)
2011-02-14 21:00:00
Cross site request forgery (csrf)
2011-02-14 21:00:00
ubuntucve
ubuntucve
CVE-2011-0446
2011-02-14 00:00:00
CVE-2011-0447
2011-02-14 00:00:00
CVE-2011-0696
2011-02-14 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00

0.004 Low

EPSS

Percentile

73.1%

JSON
Related for SSV:20445
osv5openvas13nessus8fedora11securityvulns2debian1cve3nvd3debiancve3github3gitlab4cvelist3prion3ubuntucve3gentoo1