Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.802115
Kategorie:Web application abuses
Titel:Ruby on Rails 'Safe Buffer' Cross-Site Scripting Vulnerability
Zusammenfassung:This host is running Ruby on Rails and is prone to cross-site; scripting vulnerability.
Beschreibung:Summary:
This host is running Ruby on Rails and is prone to cross-site
scripting vulnerability.

Vulnerability Insight:
The flaw is due to certain methods not properly handling the
'HTML safe' mark for strings, which can lead to improperly sanitised input being returned to the user.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary HTML and
script code in a user's browser session in the context of an affected site.

Affected Software/OS:
Ruby on Rails version 2.x before 2.3.12, 3.0.x before 3.0.8 and
3.1.x before 3.1.0.rc2.

Solution:
Upgrade to Ruby on Rails version 2.3.12 or 3.0.8 or 3.1.0.rc2 or later. Apply the patch for Ruby on Rails versions 3.1.0.rc1, 3.0.7 and 2.3.11.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-2197
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
http://openwall.com/lists/oss-security/2011/06/09/2
http://openwall.com/lists/oss-security/2011/06/13/9
http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
http://secunia.com/advisories/44789
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.