Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26982
HistorySep 09, 2011 - 12:00 a.m.

[SECURITY] [DSA 2301-1] rails security update

2011-09-0900:00:00
vulners.com
36
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2301-1 [email protected]
http://www.debian.org/security/ Luciano Bello
September 5, 2011 http://www.debian.org/security/faq

Package : rails
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214

Several vulnerabilities have been discovered in Rails, the Ruby web
application framework. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-4214

A cross-site scripting (XSS) vulnerability had been found in the
strip_tags function. An attacker may inject non-printable characters
that certain browsers will then evaluate. This vulnerability only
affects the oldstable distribution (lenny).

CVE-2011-2930

A SQL injection vulnerability had been found in the quote_table_name
method could allow malicious users to inject arbitrary SQL into a
query.

CVE-2011-2931

A cross-site scripting (XSS) vulnerability had been found in the
strip_tags  helper. An parsing error can be exploited by an attacker,
who can confuse the parser and may inject HTML tags into the output
document.

CVE-2011-3186

A newline (CRLF) injection vulnerability had been found in
response.rb. This vulnerability allows an attacker to inject arbitrary
HTTP headers and conduct HTTP response splitting attacks via the
Content-Type header.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.1.0-7+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 2.3.5-1.2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 2.3.14.

We recommend that you upgrade your rails packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJOZS+XAAoJEOxfUAG2iX57/RoIANAWqvaKoG3V5sfmVzREDG4M
qcnQ3RhaVc//I2RuvPDSY9zDbE4OfgNYRtAnk3j7kbVf0U4ohs9TNTJqy1uCYjZn
dA6b27JdgxgXnRFM0AvHfYOyA/V2+w4ykwfAjGJG2hcmCxxkofDkzbf/WKrGinYV
o+NEF5QEU5y84Z+4EvFYEP+zmMShIvoBU/Fui+TNzxEh3MSRumMdJoJfV2MdSO+m
C98R6hx1Q8nxmNCZpPXAWttfGomhtTXAwYIlywR0pqxyrBpsaEleNLbDPaNnr2/D
Jph+q3Mv5nRteRfMRyX0bmqguSYsa0TIFZlL5vvIRGBw+b7Q4wIL0ywRvWqxLGU=
=r9kt
-----END PGP SIGNATURE-----

Related

openvas 40
osv 7
debian 3
nessus 18
securityvulns 1
fedora 13
gitlab 3
prion 4
ubuntucve 4
debiancve 4
github 4
cve 5
gentoo 2
threatpost 1
openvas
openvas
Debian Security Advisory DSA 2301-2 (rails)
2012-02-11 00:00:00
Debian Security Advisory DSA 2301-1 (rails)
2011-09-21 00:00:00
Debian: Security Advisory (DSA-2301-1)
2011-09-21 00:00:00
osv
osv
rails - several
2012-01-23 00:00:00
rails - several
2012-01-23 00:00:00
activerecord vulnerable to SQL Injection
2017-10-24 18:33:38
debian
debian
[SECURITY] [DSA 2301-1] rails security update
2011-09-05 20:25:54
[SECURITY] [DSA 2301-2] rails regression
2012-01-23 18:35:53
[SECURITY] [DSA 2259-1] rails security update
2011-06-14 18:57:49
nessus
nessus
Debian DSA-2301-2 : rails - several vulnerabilities
2011-09-06 00:00:00
Fedora 14 : rubygem-actionpack-2.3.8-4.fc14 (2011-11567)
2011-09-07 00:00:00
Fedora 16 : rubygem-actionmailer-3.0.10-1.fc16 / rubygem-actionpack-3.0.10-1.fc16 / etc (2011-11386)
2011-09-07 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-09-09 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: rubygem-activerecord-3.0.10-1.fc16
2011-09-07 03:23:00
[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-1.fc16
2011-09-07 03:23:00
[SECURITY] Fedora 16 Update: rubygem-activeresource-3.0.10-1.fc16
2011-09-07 03:23:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2017-10-24 00:00:00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
2017-10-24 00:00:00
Response Splitting Vulnerability in Ruby on Rails
2011-08-29 00:00:00
prion
prion
Cross site scripting
2011-08-29 18:55:00
Sql injection
2011-08-29 18:55:00
Crlf injection
2011-08-29 18:55:00
ubuntucve
ubuntucve
CVE-2011-2931
2011-08-29 00:00:00
CVE-2011-3186
2011-08-29 00:00:00
CVE-2011-2930
2011-08-29 00:00:00
debiancve
debiancve
CVE-2011-2931
2011-08-29 18:55:00
CVE-2011-2930
2011-08-29 18:55:00
CVE-2009-4214
2009-12-07 17:30:00
github
github
activerecord vulnerable to SQL Injection
2017-10-24 18:33:38
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:38
Moderate severity vulnerability that affects rails
2017-10-24 18:33:38
cve
cve
CVE-2011-2931
2011-08-29 18:55:00
CVE-2011-2930
2011-08-29 18:55:00
CVE-2011-3186
2011-08-29 18:55:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
Ruby on Rails: Multiple vulnerabilities
2009-12-20 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44
JSON
Related for SECURITYVULNS:DOC:26982
openvas40osv7debian3nessus18securityvulns1fedora13gitlab3prion4ubuntucve4debiancve4github4cve5gentoo2threatpost1