Lucene search

K

Ubuntu.comUB:CVE-2012-1098

HistoryMar 13, 2012 - 12:00 a.m.

CVE-2012-1098

2012-03-1300:00:00

ubuntu.com

ubuntu.com

22

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.6%

Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before
3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers
to inject arbitrary web script or HTML via vectors involving a SafeBuffer
object that is manipulated through certain methods.

Bugs

Notes

Author	Note
mdeslaur	in Oneiric+, rails package is just for transition

References

groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913

weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

www.openwall.com/lists/oss-security/2012/03/02/6

launchpad.net/bugs/cve/CVE-2012-1098

nvd.nist.gov/vuln/detail/CVE-2012-1098

security-tracker.debian.org/tracker/CVE-2012-1098

www.cve.org/CVERecord?id=CVE-2012-1098

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.6%

Related for UB:CVE-2012-1098

prion1 nvd1 cve1 cvelist1 debiancve1 osv1 github1 gitlab1 rubygems1 fedora12 openvas24 nessus2