var-201312-0118
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to RubyGems i18n 0.6.6, and 0.5.1 are vulnerable.
For the stable distribution (wheezy), these problems have been fixed in version 3.2.6-6+deb7u1.
For the unstable distribution (sid), this problem has been fixed in version 3.2.16-3+0 of the rails-3.2 source package.
We recommend that you upgrade your ruby-actionpack-3.2 packages. Relevant releases/architectures:
OpenStack 3 - noarch
- An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Subscription Asset Manager 1.4 security update Advisory ID: RHSA-2014:1863-01 Product: Red Hat Subscription Asset Manager Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1863.html Issue date: 2014-11-17 CVE Names: CVE-2013-1854 CVE-2013-1855 CVE-2013-1857 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2014-0130 =====================================================================
- Summary:
Updated Subscription Asset Manager 1.4 packages that fix multiple security issues are now available.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Subscription Asset Manager for RHEL 6 Server - noarch
- Description:
Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. (CVE-2014-0130)
A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected. (CVE-2013-1854)
Two cross-site scripting (XSS) flaws were found in Action Pack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Action Pack. A remote attacker could possibly use this flaw to perform a reflective cross-site scripting (XSS) attack by providing a specially crafted input to an application using the aforementioned component. (CVE-2013-4491)
A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed. (CVE-2013-6414)
It was found that the number_to_currency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user in the unit parameter. (CVE-2013-6415)
Red Hat would like to thank Ruby on Rails upstream for reporting these issues. Upstream acknowledges Ben Murphy as the original reporter of CVE-2013-1854, Charlie Somerville as the original reporter of CVE-2013-1855, Alan Jenkins as the original reporter of CVE-2013-1857, Peter McLarnan as the original reporter of CVE-2013-4491, Toby Hsieh as the original reporter of CVE-2013-6414, and Ankit Gupta as the original reporter of CVE-2013-6415.
All Subscription Asset Manager users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
921329 - CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability 921331 - CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css 921335 - CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails 1036483 - CVE-2013-6414 rubygem-actionpack: Action View DoS 1036910 - CVE-2013-6415 rubygem-actionpack: number_to_currency XSS 1036922 - CVE-2013-4491 rubygem-actionpack: i18n missing translation XSS 1095105 - CVE-2014-0130 rubygem-actionpack: directory traversal issue
- Package List:
Red Hat Subscription Asset Manager for RHEL 6 Server:
Source: katello-1.4.3.28-1.el6sam_splice.src.rpm ruby193-rubygem-actionmailer-3.2.17-1.el6sam.src.rpm ruby193-rubygem-actionpack-3.2.17-6.el6sam.src.rpm ruby193-rubygem-activemodel-3.2.17-1.el6sam.src.rpm ruby193-rubygem-activerecord-3.2.17-5.el6sam.src.rpm ruby193-rubygem-activeresource-3.2.17-1.el6sam.src.rpm ruby193-rubygem-activesupport-3.2.17-2.el6sam.src.rpm ruby193-rubygem-i18n-0.6.9-1.el6sam.src.rpm ruby193-rubygem-mail-2.5.4-1.el6sam.src.rpm ruby193-rubygem-rack-1.4.5-3.el6sam.src.rpm ruby193-rubygem-rails-3.2.17-1.el6sam.src.rpm ruby193-rubygem-railties-3.2.17-1.el6sam.src.rpm
noarch: katello-common-1.4.3.28-1.el6sam_splice.noarch.rpm katello-glue-candlepin-1.4.3.28-1.el6sam_splice.noarch.rpm katello-glue-elasticsearch-1.4.3.28-1.el6sam_splice.noarch.rpm katello-headpin-1.4.3.28-1.el6sam_splice.noarch.rpm katello-headpin-all-1.4.3.28-1.el6sam_splice.noarch.rpm ruby193-rubygem-actionmailer-3.2.17-1.el6sam.noarch.rpm ruby193-rubygem-actionpack-3.2.17-6.el6sam.noarch.rpm ruby193-rubygem-activemodel-3.2.17-1.el6sam.noarch.rpm ruby193-rubygem-activerecord-3.2.17-5.el6sam.noarch.rpm ruby193-rubygem-activeresource-3.2.17-1.el6sam.noarch.rpm ruby193-rubygem-activesupport-3.2.17-2.el6sam.noarch.rpm ruby193-rubygem-i18n-0.6.9-1.el6sam.noarch.rpm ruby193-rubygem-mail-2.5.4-1.el6sam.noarch.rpm ruby193-rubygem-rack-1.4.5-3.el6sam.noarch.rpm ruby193-rubygem-rails-3.2.17-1.el6sam.noarch.rpm ruby193-rubygem-railties-3.2.17-1.el6sam.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2013-1854 https://access.redhat.com/security/cve/CVE-2013-1855 https://access.redhat.com/security/cve/CVE-2013-1857 https://access.redhat.com/security/cve/CVE-2013-4491 https://access.redhat.com/security/cve/CVE-2013-6414 https://access.redhat.com/security/cve/CVE-2013-6415 https://access.redhat.com/security/cve/CVE-2014-0130 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUai7iXlSAg2UNWIIRAmtEAJ9m+ZUXuva81fLz9G1CLKYi5aJoHACfcd3y SoVal0zNgx0pwtSAkS1q5/0= =i5aK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruby on rails",
"scope": "eq",
"trust": 1.6,
"vendor": "rubyonrails",
"version": "3.2.15"
},
{
"model": "ruby on rails",
"scope": "eq",
"trust": 1.6,
"vendor": "rubyonrails",
"version": "3.2.14"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.1"
},
{
"model": "rails",
"scope": "lte",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "4.0.1"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.7"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.9"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.2"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.5"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.11"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.3"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.7"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.8"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.1"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.3"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.8"
},
{
"model": "ruby on rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.4"
},
{
"model": "ruby on rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.11"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.9"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.6"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.14"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "4.0.0"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.7"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.18"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.9"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.12"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.2"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.16"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.11"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.4"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.12"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.10"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.4"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.6"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.19"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.10"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.5"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.8"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.4"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.1"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.3"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.0"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.6"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.2"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.1.0"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.13"
},
{
"model": "ruby on rails",
"scope": "lte",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.15"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "4.0.1"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.5"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.13"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.10"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.2.0"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.17"
},
{
"model": "rails",
"scope": "eq",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "3.0.20"
},
{
"model": "rails",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby on rails",
"version": "4.x"
},
{
"model": "rails",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby on rails",
"version": "3.x"
},
{
"model": "rails",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby on rails",
"version": "3.2.16"
},
{
"model": "rails",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby on rails",
"version": "4.0.2"
},
{
"model": "ruby on rails",
"scope": "eq",
"trust": 0.6,
"vendor": "rubyonrails",
"version": "3.2.12"
},
{
"model": "ruby on rails",
"scope": "eq",
"trust": 0.6,
"vendor": "rubyonrails",
"version": "3.2.13"
},
{
"model": "webyast",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"model": "studio onsite",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"model": "lifecycle management server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.2"
},
{
"model": "i18n",
"scope": "eq",
"trust": 0.3,
"vendor": "rubygems",
"version": "0.6.5"
},
{
"model": "i18n",
"scope": "eq",
"trust": 0.3,
"vendor": "rubygems",
"version": "0.5.0"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "4.0.1"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "4.0"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.13"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.12"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.11"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.10"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.8"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.7"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.6"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.4"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.2"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.12"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.11"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.9"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.8"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.7"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.6"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.5"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.4"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.2"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.6"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.15"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.8"
},
{
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.7"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1"
},
{
"model": "chef",
"scope": "eq",
"trust": 0.3,
"vendor": "opscode",
"version": "11.1.2"
},
{
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1.1"
},
{
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1"
},
{
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "i18n",
"scope": "ne",
"trust": 0.3,
"vendor": "rubygems",
"version": "0.6.6"
},
{
"model": "i18n",
"scope": "ne",
"trust": 0.3,
"vendor": "rubygems",
"version": "0.5.1"
},
{
"model": "on rails ruby on rails",
"scope": "ne",
"trust": 0.3,
"vendor": "ruby",
"version": "4.0.2"
},
{
"model": "on rails ruby on rails",
"scope": "ne",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.16"
},
{
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.1"
},
{
"model": "chef",
"scope": "ne",
"trust": 0.3,
"vendor": "opscode",
"version": "11.1.3"
}
],
"sources": [
{
"db": "BID",
"id": "64076"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-123"
},
{
"db": "NVD",
"id": "CVE-2013-4491"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rubyonrails:ruby_on_rails",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Peter McLarnan of Matasano Security.",
"sources": [
{
"db": "BID",
"id": "64076"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-4491",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4491",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-4491",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-123",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-123"
},
{
"db": "NVD",
"id": "CVE-2013-4491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nVersions prior to RubyGems i18n 0.6.6, and 0.5.1 are vulnerable. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.6-6+deb7u1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.16-3+0 of the rails-3.2 source package. \n\nWe recommend that you upgrade your ruby-actionpack-3.2 packages. Relevant releases/architectures:\n\nOpenStack 3 - noarch\n\n3. \nAn application using a third party library, which uses the Rack::Request\ninterface, or custom Rack middleware could bypass the protection\nimplemented to fix the CVE-2013-0155 vulnerability, causing the application\nto receive unsafe parameters and become vulnerable to CVE-2013-0155. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Subscription Asset Manager 1.4 security update\nAdvisory ID: RHSA-2014:1863-01\nProduct: Red Hat Subscription Asset Manager\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1863.html\nIssue date: 2014-11-17\nCVE Names: CVE-2013-1854 CVE-2013-1855 CVE-2013-1857 \n CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 \n CVE-2014-0130 \n=====================================================================\n\n1. Summary:\n\nUpdated Subscription Asset Manager 1.4 packages that fix multiple security\nissues are now available. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Subscription Asset Manager for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat Subscription Asset Manager acts as a proxy for handling\nsubscription information and software updates on client machines. Red Hat\nSubscription Asset Manager is built on Ruby on Rails, a\nmodel-view-controller (MVC) framework for web application development. \nAction Pack implements the controller and the view components. \n\nA directory traversal flaw was found in the way Ruby on Rails handled\nwildcard segments in routes with implicit rendering. A remote attacker\ncould use this flaw to retrieve arbitrary local files accessible to a Ruby\non Rails application using the aforementioned routes via a specially\ncrafted request. (CVE-2014-0130)\n\nA flaw was found in the way Ruby on Rails handled hashes in certain\nqueries. A remote attacker could use this flaw to perform a denial of\nservice (resource consumption) attack by sending specially crafted queries\nthat would result in the creation of Ruby symbols, which were never garbage\ncollected. (CVE-2013-1854)\n\nTwo cross-site scripting (XSS) flaws were found in Action Pack. A remote\nattacker could use these flaws to conduct XSS attacks against users of an\napplication using Action Pack. A remote attacker could possibly use this flaw to\nperform a reflective cross-site scripting (XSS) attack by providing a\nspecially crafted input to an application using the aforementioned\ncomponent. (CVE-2013-4491)\n\nA denial of service flaw was found in the header handling component of\nAction View. A remote attacker could send strings in specially crafted\nheaders that would be cached indefinitely, which would result in all\navailable system memory eventually being consumed. (CVE-2013-6414)\n\nIt was found that the number_to_currency Action View helper did not\nproperly escape the unit parameter. An attacker could use this flaw to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user in the unit parameter. (CVE-2013-6415)\n\nRed Hat would like to thank Ruby on Rails upstream for reporting these\nissues. Upstream acknowledges Ben Murphy as the original reporter of\nCVE-2013-1854, Charlie Somerville as the original reporter of\nCVE-2013-1855, Alan Jenkins as the original reporter of CVE-2013-1857,\nPeter McLarnan as the original reporter of CVE-2013-4491, Toby Hsieh as the\noriginal reporter of CVE-2013-6414, and Ankit Gupta as the original\nreporter of CVE-2013-6415. \n\nAll Subscription Asset Manager users are advised to upgrade to these\nupdated packages, which contain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n921329 - CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability\n921331 - CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css\n921335 - CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails\n1036483 - CVE-2013-6414 rubygem-actionpack: Action View DoS\n1036910 - CVE-2013-6415 rubygem-actionpack: number_to_currency XSS\n1036922 - CVE-2013-4491 rubygem-actionpack: i18n missing translation XSS\n1095105 - CVE-2014-0130 rubygem-actionpack: directory traversal issue\n\n6. Package List:\n\nRed Hat Subscription Asset Manager for RHEL 6 Server:\n\nSource:\nkatello-1.4.3.28-1.el6sam_splice.src.rpm\nruby193-rubygem-actionmailer-3.2.17-1.el6sam.src.rpm\nruby193-rubygem-actionpack-3.2.17-6.el6sam.src.rpm\nruby193-rubygem-activemodel-3.2.17-1.el6sam.src.rpm\nruby193-rubygem-activerecord-3.2.17-5.el6sam.src.rpm\nruby193-rubygem-activeresource-3.2.17-1.el6sam.src.rpm\nruby193-rubygem-activesupport-3.2.17-2.el6sam.src.rpm\nruby193-rubygem-i18n-0.6.9-1.el6sam.src.rpm\nruby193-rubygem-mail-2.5.4-1.el6sam.src.rpm\nruby193-rubygem-rack-1.4.5-3.el6sam.src.rpm\nruby193-rubygem-rails-3.2.17-1.el6sam.src.rpm\nruby193-rubygem-railties-3.2.17-1.el6sam.src.rpm\n\nnoarch:\nkatello-common-1.4.3.28-1.el6sam_splice.noarch.rpm\nkatello-glue-candlepin-1.4.3.28-1.el6sam_splice.noarch.rpm\nkatello-glue-elasticsearch-1.4.3.28-1.el6sam_splice.noarch.rpm\nkatello-headpin-1.4.3.28-1.el6sam_splice.noarch.rpm\nkatello-headpin-all-1.4.3.28-1.el6sam_splice.noarch.rpm\nruby193-rubygem-actionmailer-3.2.17-1.el6sam.noarch.rpm\nruby193-rubygem-actionpack-3.2.17-6.el6sam.noarch.rpm\nruby193-rubygem-activemodel-3.2.17-1.el6sam.noarch.rpm\nruby193-rubygem-activerecord-3.2.17-5.el6sam.noarch.rpm\nruby193-rubygem-activeresource-3.2.17-1.el6sam.noarch.rpm\nruby193-rubygem-activesupport-3.2.17-2.el6sam.noarch.rpm\nruby193-rubygem-i18n-0.6.9-1.el6sam.noarch.rpm\nruby193-rubygem-mail-2.5.4-1.el6sam.noarch.rpm\nruby193-rubygem-rack-1.4.5-3.el6sam.noarch.rpm\nruby193-rubygem-rails-3.2.17-1.el6sam.noarch.rpm\nruby193-rubygem-railties-3.2.17-1.el6sam.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-1854\nhttps://access.redhat.com/security/cve/CVE-2013-1855\nhttps://access.redhat.com/security/cve/CVE-2013-1857\nhttps://access.redhat.com/security/cve/CVE-2013-4491\nhttps://access.redhat.com/security/cve/CVE-2013-6414\nhttps://access.redhat.com/security/cve/CVE-2013-6415\nhttps://access.redhat.com/security/cve/CVE-2014-0130\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUai7iXlSAg2UNWIIRAmtEAJ9m+ZUXuva81fLz9G1CLKYi5aJoHACfcd3y\nSoVal0zNgx0pwtSAkS1q5/0=\n=i5aK\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4491"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
},
{
"db": "BID",
"id": "64076"
},
{
"db": "PACKETSTORM",
"id": "125923"
},
{
"db": "PACKETSTORM",
"id": "124669"
},
{
"db": "PACKETSTORM",
"id": "124305"
},
{
"db": "PACKETSTORM",
"id": "129131"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4491",
"trust": 3.1
},
{
"db": "BID",
"id": "64076",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "57836",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005367",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-123",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "125923",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124669",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124305",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129131",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "64076"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
},
{
"db": "PACKETSTORM",
"id": "125923"
},
{
"db": "PACKETSTORM",
"id": "124669"
},
{
"db": "PACKETSTORM",
"id": "124305"
},
{
"db": "PACKETSTORM",
"id": "129131"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-123"
},
{
"db": "NVD",
"id": "CVE-2013-4491"
}
]
},
"id": "VAR-201312-0118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24090908
},
"last_update_date": "2024-11-23T20:02:43.087000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Enterprise Chef 11.1.3 Release",
"trust": 0.8,
"url": "https://www.chef.io/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"title": "[CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails",
"trust": 0.8,
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"
},
{
"title": "openSUSE-SU-2013:1904",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"
},
{
"title": "openSUSE-SU-2013:1906",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"
},
{
"title": "openSUSE-SU-2013:1907",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"
},
{
"title": "Rails 3.2.16 and 4.0.2 have been released!",
"trust": 0.8,
"url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"
},
{
"title": "RHSA-2014:1863",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-1863.html"
},
{
"title": "RHSA-2014:0008",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-0008.html"
},
{
"title": "RHSA-2013:1794",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
},
{
"db": "NVD",
"id": "CVE-2013-4491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0008.html"
},
{
"trust": 2.0,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1794.html"
},
{
"trust": 1.9,
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1863.html"
},
{
"trust": 1.6,
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/plrh6duw998/blfeyio4k_ej"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/64076"
},
{
"trust": 1.6,
"url": "http://weblog.rubyonrails.org/2013/12/3/rails_3_2_16_and_4_0_2_have_been_released/"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/57836"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2014/dsa-2888"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"
},
{
"trust": 1.6,
"url": "https://puppet.com/security/cve/cve-2013-4491"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4491"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4491"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6414"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4491"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6415"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036922"
},
{
"trust": 0.3,
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
},
{
"trust": 0.3,
"url": "http://puppetlabs.com/security/cve/cve-2013-4491"
},
{
"trust": 0.3,
"url": "http://www.rubyonrails.com/"
},
{
"trust": 0.3,
"url": "rubygems.org/gems/i18n"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665279"
},
{
"trust": 0.3,
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140734-1.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6417"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6414.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6417.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4491.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6415.html"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-1855"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-1857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1857"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-4491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-1854"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-6415"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1855"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-6414"
}
],
"sources": [
{
"db": "BID",
"id": "64076"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
},
{
"db": "PACKETSTORM",
"id": "125923"
},
{
"db": "PACKETSTORM",
"id": "124669"
},
{
"db": "PACKETSTORM",
"id": "124305"
},
{
"db": "PACKETSTORM",
"id": "129131"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-123"
},
{
"db": "NVD",
"id": "CVE-2013-4491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "64076"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
},
{
"db": "PACKETSTORM",
"id": "125923"
},
{
"db": "PACKETSTORM",
"id": "124669"
},
{
"db": "PACKETSTORM",
"id": "124305"
},
{
"db": "PACKETSTORM",
"id": "129131"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-123"
},
{
"db": "NVD",
"id": "CVE-2013-4491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-03T00:00:00",
"db": "BID",
"id": "64076"
},
{
"date": "2013-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005367"
},
{
"date": "2014-03-28T19:44:00",
"db": "PACKETSTORM",
"id": "125923"
},
{
"date": "2014-01-06T23:18:51",
"db": "PACKETSTORM",
"id": "124669"
},
{
"date": "2013-12-06T01:04:06",
"db": "PACKETSTORM",
"id": "124305"
},
{
"date": "2014-11-17T23:30:56",
"db": "PACKETSTORM",
"id": "129131"
},
{
"date": "2013-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-123"
},
{
"date": "2013-12-07T00:55:03.553000",
"db": "NVD",
"id": "CVE-2013-4491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T21:56:00",
"db": "BID",
"id": "64076"
},
{
"date": "2015-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005367"
},
{
"date": "2019-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-123"
},
{
"date": "2024-11-21T01:55:40.540000",
"db": "NVD",
"id": "CVE-2013-4491"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-123"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruby on Rails of internationalization Component cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005367"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "125923"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-123"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.