Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:60696
HistoryMar 20, 2013 - 12:00 a.m.

Ruby on Rails XML解析远程拒绝服务漏洞(CVE-2013-1856)

2013-03-2000:00:00
Root
www.seebug.org
28

0.013 Low

EPSS

Percentile

85.8%

JSON

BUGTRAQ ID: 58554
CVE(CAN) ID: CVE-2013-1856

Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。

Ruby on Rails 3.0.0及之后版本在使用JRuby时,ActiveSupport XML解析器的JDOM后端内存在漏洞,攻击者可利用此漏洞造成拒绝服务或访问应用服务器上的文件。
0
Ruby on Rails 3.x
Ruby on Rails 2.x
临时解决方法:

如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁:

  • 将下面的代码放在应用初始化程序内以防止此漏洞被利用:

ActiveSupport::XmlMini.backend="REXML"

厂商补丁:

Ruby on Rails

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.rubyonrails.com/
http://seclists.org/oss-sec/2013/q1/att-680/3-0-jdom.patch
http://seclists.org/oss-sec/2013/q1/att-680/3-2-jdom.patch
http://seclists.org/oss-sec/2013/q1/att-680/3-1-jdom.patch
http://seclists.org/oss-sec/2013/q1/att-680/_bin

Related

nessus 6
osv 1
cve 1
gitlab 1
cvelist 1
nvd 1
debiancve 1
github 1
ubuntucve 1
prion 1
openvas 6
fedora 2
freebsd 1
threatpost 1
securityvulns 2
gentoo 1
nessus
nessus
Fedora 18 : rubygem-activesupport-3.2.8-3.fc18 (2013-4198)
2013-04-01 00:00:00
Fedora 17 : rubygem-activesupport-3.0.11-9.fc17 (2013-4130)
2013-04-01 00:00:00
FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)
2013-04-12 00:00:00
osv
osv
activesupport Improper Input Validation vulnerability
2017-10-24 18:33:37
cve
cve
CVE-2013-1856
2013-03-19 22:55:01
gitlab
gitlab
XML Parsing Vulnerability affecting JRuby users
2013-03-19 00:00:00
cvelist
cvelist
CVE-2013-1856
2013-03-19 22:00:00
nvd
nvd
CVE-2013-1856
2013-03-19 22:55:01
debiancve
debiancve
CVE-2013-1856
2013-03-19 22:55:01
github
github
activesupport Improper Input Validation vulnerability
2017-10-24 18:33:37
ubuntucve
ubuntucve
CVE-2013-1856
2013-03-19 00:00:00
prion
prion
Design/Logic Flaw
2013-03-19 22:55:00
openvas
openvas
Fedora Update for rubygem-activesupport FEDORA-2013-4198
2013-04-02 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-4198
2013-04-02 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-4130
2013-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activesupport-3.2.8-3.fc18
2013-03-30 21:27:44
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-9.fc17
2013-03-30 21:30:40
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-03-18 00:00:00
threatpost
threatpost
Ruby on Rails Patches DoS, XSS Vulnerabilities
2013-03-19 16:31:57
securityvulns
securityvulns
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002
2013-06-17 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00

0.013 Low

EPSS

Percentile

85.8%

JSON
Related for SSV:60696
nessus6osv1cve1gitlab1cvelist1nvd1debiancve1github1ubuntucve1prion1openvas6fedora2freebsd1threatpost1securityvulns2gentoo1