FreeBSD : ruby -- UTF-7 encoding XSS vulnerability in WEBrick (34e0316a-aa91-11df-8c2e-001517289bf8)

medium Nessus Plugin ID 48370

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The official ruby site reports :

WEBrick have had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1, however, some user agents do not.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?608f461e

http://www.nessus.org/u?eafac5d5

Plugin Details

Severity: Medium

ID: 48370

File Name: freebsd_pkg_34e0316aaa9111df8c2e001517289bf8.nasl

Version: 1.14

Type: local

Published: 8/19/2010

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Low

Score: 3

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ruby, p-cpe:/a:freebsd:freebsd:ruby%2boniguruma, p-cpe:/a:freebsd:freebsd:ruby%2bpthreads, p-cpe:/a:freebsd:freebsd:ruby%2bpthreads%2boniguruma, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/17/2010

Vulnerability Publication Date: 8/16/2010

Reference Information

CVE: CVE-2010-0541

BID: 40895