Denial of Service : Ruby 'REXML' parser Denial-of-Service Vulnerability (Windows)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804889

Categoría: Denial of Service

Título: Ruby 'REXML' parser Denial-of-Service Vulnerability (Windows)

Resumen: This host is installed with Ruby and is; prone to denial-of-service vulnerability.

Descripción: Summary:
This host is installed with Ruby and is
prone to denial-of-service vulnerability.

Vulnerability Insight:
Flaw exists due to an incorrectly configured
XML parser accepting XML external entities from an untrusted source.

Vulnerability Impact:
Successful exploitation will allow attackers
to cause a denial of service (crash) condition.

Affected Software/OS:
Ruby versions Ruby 1.9.x before 1.9.3-p550,
2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 on Windows.

Solution:
Upgrade to Ruby 1.9.3-p550 or 2.0.0-p594 or
2.1.4 later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: BugTraq ID: 70935
Common Vulnerability Exposure (CVE) ID: CVE-2014-8080
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://www.securityfocus.com/bid/70935
Debian Security Information: DSA-3157 (Google Search)
http://www.debian.org/security/2015/dsa-3157
Debian Security Information: DSA-3159 (Google Search)
http://www.debian.org/security/2015/dsa-3159
http://www.mandriva.com/security/advisories?name=MDVSA-2015:129
RedHat Security Advisories: RHSA-2014:1911
http://rhn.redhat.com/errata/RHSA-2014-1911.html
RedHat Security Advisories: RHSA-2014:1912
http://rhn.redhat.com/errata/RHSA-2014-1912.html
RedHat Security Advisories: RHSA-2014:1913
http://rhn.redhat.com/errata/RHSA-2014-1913.html
RedHat Security Advisories: RHSA-2014:1914
http://rhn.redhat.com/errata/RHSA-2014-1914.html
http://secunia.com/advisories/61607
http://secunia.com/advisories/62050
http://secunia.com/advisories/62748
SuSE Security Announcement: openSUSE-SU-2014:1589 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html
SuSE Security Announcement: openSUSE-SU-2015:0002 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html
SuSE Security Announcement: openSUSE-SU-2015:0007 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html
http://www.ubuntu.com/usn/USN-2397-1

Copyright Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804889
Categoría:	Denial of Service
Título:	Ruby 'REXML' parser Denial-of-Service Vulnerability (Windows)
Resumen:	This host is installed with Ruby and is; prone to denial-of-service vulnerability.
Descripción:	Summary: This host is installed with Ruby and is prone to denial-of-service vulnerability. Vulnerability Insight: Flaw exists due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. Vulnerability Impact: Successful exploitation will allow attackers to cause a denial of service (crash) condition. Affected Software/OS: Ruby versions Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 on Windows. Solution: Upgrade to Ruby 1.9.3-p550 or 2.0.0-p594 or 2.1.4 later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	BugTraq ID: 70935 Common Vulnerability Exposure (CVE) ID: CVE-2014-8080 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/70935 Debian Security Information: DSA-3157 (Google Search) http://www.debian.org/security/2015/dsa-3157 Debian Security Information: DSA-3159 (Google Search) http://www.debian.org/security/2015/dsa-3159 http://www.mandriva.com/security/advisories?name=MDVSA-2015:129 RedHat Security Advisories: RHSA-2014:1911 http://rhn.redhat.com/errata/RHSA-2014-1911.html RedHat Security Advisories: RHSA-2014:1912 http://rhn.redhat.com/errata/RHSA-2014-1912.html RedHat Security Advisories: RHSA-2014:1913 http://rhn.redhat.com/errata/RHSA-2014-1913.html RedHat Security Advisories: RHSA-2014:1914 http://rhn.redhat.com/errata/RHSA-2014-1914.html http://secunia.com/advisories/61607 http://secunia.com/advisories/62050 http://secunia.com/advisories/62748 SuSE Security Announcement: openSUSE-SU-2014:1589 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html SuSE Security Announcement: openSUSE-SU-2015:0002 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html SuSE Security Announcement: openSUSE-SU-2015:0007 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html http://www.ubuntu.com/usn/USN-2397-1
Copyright	Copyright (C) 2014 Greenbone Networks GmbH