 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.802115 |
| Categoría: | Web application abuses |
| Título: | Ruby on Rails 'Safe Buffer' Cross-Site Scripting Vulnerability |
| Resumen: | Ruby on Rails is prone to a cross-site scripting (XSS) vulnerability. |
| Descripción: | Summary: Ruby on Rails is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to certain methods not properly handling the 'HTML safe' mark for strings, which can lead to improperly sanitised input being returned to the user. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Ruby on Rails version 2.x before 2.3.12, 3.0.x before 3.0.8 and 3.1.x before 3.1.0.rc2. Solution: Upgrade to Ruby on Rails version 2.3.12 or 3.0.8 or 3.1.0.rc2 or later. Apply the patch for Ruby on Rails versions 3.1.0.rc1, 3.0.7 and 2.3.11. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-2197 44789 http://secunia.com/advisories/44789 FEDORA-2011-8494 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html FEDORA-2011-8580 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html [oss-security] 20110609 CVE Request: Ruby on Rails 3/rails_xss XSS http://openwall.com/lists/oss-security/2011/06/09/2 [oss-security] 20110613 Re: CVE Request: Ruby on Rails 3/rails_xss XSS http://openwall.com/lists/oss-security/2011/06/13/9 [rubyonrails-security] 20110607 Potential XSS Vulnerability in Ruby on Rails Applications http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications |
| Copyright | Copyright (C) 2011 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |