Detections
Analytics

FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)

medium Nessus Plugin ID 65937

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Ruby on Rails team reports :

Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible.

Four vulnerabilities have been discovered and fixed :

- (CVE-2013-1854) Symbol DoS vulnerability in Active Record

- (CVE-2013-1855) XSS vulnerability in sanitize_css in Action Pack

- (CVE-2013-1856) XML Parsing Vulnerability affecting JRuby users

- (CVE-2013-1857) XSS Vulnerability in the `sanitize` helper of Ruby on Rails

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?92c662a9

https://groups.google.com/forum/#!topic/ruby-security-ann/o0Dsdk2WrQ0

http://www.nessus.org/u?2464e744

http://www.nessus.org/u?865e8938

http://www.nessus.org/u?7661b1e6

http://www.nessus.org/u?2c0be5e5

Plugin Details

Severity: Medium

ID: 65937

File Name: freebsd_pkg_db0c4b00a24c11e29601000d601460a4.nasl

Version: 1.6

Type: local

Published: 4/12/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rubygem-actionpack, p-cpe:/a:freebsd:freebsd:rubygem-activerecord, p-cpe:/a:freebsd:freebsd:rubygem-activesupport, p-cpe:/a:freebsd:freebsd:rubygem-rails, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/10/2013

Vulnerability Publication Date: 3/18/2013

Reference Information

CVE: CVE-2013-1854, CVE-2013-1856, CVE-2013-1857