All the vulnerabilites related to suse - webyast
cve-2011-4315
Vulnerability from cvelistv5
Published
2011-12-08 20:00
Modified
2024-08-07 00:01
Severity ?
Summary
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:51.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20111117 Re: CVE Request: nginx resolver heap overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/11/17/10"
          },
          {
            "name": "FEDORA-2011-16075",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html"
          },
          {
            "name": "SUSE-SU-2011:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.nginx.org/en/CHANGES-1.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
          },
          {
            "name": "[oss-security] 20111117 CVE Request: nginx resolver heap overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/11/17/8"
          },
          {
            "name": "48577",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48577"
          },
          {
            "name": "47097",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47097"
          },
          {
            "name": "GLSA-201203-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
          },
          {
            "name": "50710",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50710"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-06-09T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20111117 Re: CVE Request: nginx resolver heap overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/11/17/10"
        },
        {
          "name": "FEDORA-2011-16075",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html"
        },
        {
          "name": "SUSE-SU-2011:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.nginx.org/en/CHANGES-1.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
        },
        {
          "name": "[oss-security] 20111117 CVE Request: nginx resolver heap overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/11/17/8"
        },
        {
          "name": "48577",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48577"
        },
        {
          "name": "47097",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47097"
        },
        {
          "name": "GLSA-201203-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
        },
        {
          "name": "50710",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50710"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4315",
    "datePublished": "2011-12-08T20:00:00",
    "dateReserved": "2011-11-04T00:00:00",
    "dateUpdated": "2024-08-07T00:01:51.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3709
Vulnerability from cvelistv5
Published
2013-12-23 23:00
Modified
2024-08-06 16:14
Severity ?
Summary
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:56.756Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2013:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html"
          },
          {
            "name": "SUSE-SU-2014:0022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html"
          },
          {
            "name": "openSUSE-SU-2013:1952",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2013:1954",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb"
          },
          {
            "name": "SUSE-SU-2013:1894",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=851116"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-07T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2013:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html"
        },
        {
          "name": "SUSE-SU-2014:0022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html"
        },
        {
          "name": "openSUSE-SU-2013:1952",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2013:1954",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb"
        },
        {
          "name": "SUSE-SU-2013:1894",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=851116"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3709",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2013:1961",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html"
            },
            {
              "name": "SUSE-SU-2014:0022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html"
            },
            {
              "name": "openSUSE-SU-2013:1952",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2013:1954",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html"
            },
            {
              "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb",
              "refsource": "MISC",
              "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb"
            },
            {
              "name": "SUSE-SU-2013:1894",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html"
            },
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=851116",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=851116"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3709",
    "datePublished": "2013-12-23T23:00:00",
    "dateReserved": "2013-05-30T00:00:00",
    "dateUpdated": "2024-08-06T16:14:56.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4547
Vulnerability from cvelistv5
Published
2013-11-23 18:00
Modified
2024-08-06 16:45
Severity ?
Summary
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
References
http://secunia.com/advisories/55757third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/55825third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/55822third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.htmlvendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2012/dsa-2802vendor-advisory, x_refsource_DEBIAN
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.htmlmailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:15.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "55757",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55757"
          },
          {
            "name": "SUSE-SU-2013:1895",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
          },
          {
            "name": "openSUSE-SU-2013:1745",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
          },
          {
            "name": "55825",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55825"
          },
          {
            "name": "55822",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55822"
          },
          {
            "name": "openSUSE-SU-2013:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
          },
          {
            "name": "openSUSE-SU-2013:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
          },
          {
            "name": "DSA-2802",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2802"
          },
          {
            "name": "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-17T15:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "55757",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55757"
        },
        {
          "name": "SUSE-SU-2013:1895",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
        },
        {
          "name": "openSUSE-SU-2013:1745",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
        },
        {
          "name": "55825",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55825"
        },
        {
          "name": "55822",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55822"
        },
        {
          "name": "openSUSE-SU-2013:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
        },
        {
          "name": "openSUSE-SU-2013:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
        },
        {
          "name": "DSA-2802",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2802"
        },
        {
          "name": "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "55757",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55757"
            },
            {
              "name": "SUSE-SU-2013:1895",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
            },
            {
              "name": "openSUSE-SU-2013:1745",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
            },
            {
              "name": "55825",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55825"
            },
            {
              "name": "55822",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55822"
            },
            {
              "name": "openSUSE-SU-2013:1792",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
            },
            {
              "name": "openSUSE-SU-2013:1791",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
            },
            {
              "name": "DSA-2802",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2802"
            },
            {
              "name": "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)",
              "refsource": "MLIST",
              "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4547",
    "datePublished": "2013-11-23T18:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:15.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0435
Vulnerability from cvelistv5
Published
2013-01-26 21:00
Modified
2024-09-16 16:27
Severity ?
Summary
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:23:31.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#806908",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/806908"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/security/cve/CVE-2012-0435.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=792712"
          },
          {
            "name": "SUSE-SU-2013:0053",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-01-26T21:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#806908",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/806908"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/security/cve/CVE-2012-0435.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=792712"
        },
        {
          "name": "SUSE-SU-2013:0053",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00008.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0435",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#806908",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/806908"
            },
            {
              "name": "http://support.novell.com/security/cve/CVE-2012-0435.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/security/cve/CVE-2012-0435.html"
            },
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=792712",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=792712"
            },
            {
              "name": "SUSE-SU-2013:0053",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00008.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0435",
    "datePublished": "2013-01-26T21:00:00Z",
    "dateReserved": "2012-01-09T00:00:00Z",
    "dateUpdated": "2024-09-16T16:27:44.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2013-01-26 21:55
Modified
2024-11-21 01:34
Severity ?
Summary
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.
Impacted products
Vendor Product Version
suse webyast 1.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:webyast:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3DB92F3-F16A-4304-AA90-DB5325814F6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984."
    },
    {
      "lang": "es",
      "value": "SUSE WebYaST anterior a v1.2 0.2.63-0.6.1 permite atacantes remotos modificar la lista de hosts y posteriormente producir ataques man-in-the-middle a trav\u00e9s de una petici\u00f3n /host modificada al puerto TCP 4984."
    }
  ],
  "id": "CVE-2012-0435",
  "lastModified": "2024-11-21T01:34:57.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-01-26T21:55:00.913",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.novell.com/security/cve/CVE-2012-0435.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/806908"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=792712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.novell.com/security/cve/CVE-2012-0435.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/806908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=792712"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-12-08 20:55
Modified
2024-11-21 01:32
Severity ?
Summary
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/11/17/10Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/11/17/8Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/47097Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/48577Third Party Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201203-22.xmlThird Party Advisory
secalert@redhat.comhttp://trac.nginx.org/nginx/changeset/4268/nginxIssue Tracking, Patch, Vendor Advisory
secalert@redhat.comhttp://www.nginx.org/en/CHANGES-1.0Release Notes, Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/50710Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/11/17/10Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/11/17/8Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47097Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48577Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201203-22.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://trac.nginx.org/nginx/changeset/4268/nginxIssue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.nginx.org/en/CHANGES-1.0Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/50710Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
f5 nginx *
f5 nginx *
fedoraproject fedora 16
suse studio 1.2
suse studio_onsite 1.2
suse webyast 1.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F92F127-6CBE-43EE-9E40-3FA89656A225",
              "versionEndExcluding": "1.0.10",
              "versionStartIncluding": "0.6.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67542E52-9201-4AC8-BB9E-0F93D7DC968C",
              "versionEndIncluding": "1.1.7",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
              "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:studio:1.2:*:*:*:standard:*:*:*",
              "matchCriteriaId": "234A6341-7A0E-42BB-A653-11064B6F110C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:studio_onsite:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E523A94D-9ECA-43C2-B96F-0D2C77D3F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:webyast:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3DB92F3-F16A-4304-AA90-DB5325814F6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en el procesamiento de compresi\u00f3n puntero en core/ngx_resolver.c en nginx antes de v1.0.10 permite a resolvers remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) o posiblemente tener un impacto no especificado a trav\u00e9s de una respuesta larga."
    }
  ],
  "id": "CVE-2011-4315",
  "lastModified": "2024-11-21T01:32:13.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-08T20:55:01.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/17/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/17/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/47097"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/48577"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.nginx.org/en/CHANGES-1.0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/17/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/17/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/47097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/48577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.nginx.org/en/CHANGES-1.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50710"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-11-23 18:55
Modified
2024-11-21 01:55
Severity ?
Summary
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00084.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00118.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00119.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://mailman.nginx.org/pipermail/nginx-announce/2013/000125.htmlMitigation, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/55757Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/55822Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/55825Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2802Broken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.htmlMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55757Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55822Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55825Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2802Broken Link
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EDD62AC-01DD-479D-A0A9-D703063840DE",
              "versionEndExcluding": "1.4.4",
              "versionStartIncluding": "0.8.41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C743469D-8933-43A6-ABAF-28E68B12A3C1",
              "versionEndIncluding": "1.5.6",
              "versionStartIncluding": "1.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:lifecycle_management_server:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "723DEC97-DB25-4010-81FB-E47FF04EEDD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74BCA435-7594-49E8-9BAE-9E02E129B6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:webyast:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDC5169C-7B9A-4269-92F4-638374B79CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI."
    },
    {
      "lang": "es",
      "value": "nginx 0.8.41 hasta la versi\u00f3n 1.4.3 y 1.5.x anterior a la versi\u00f3n 1.5.7 permite a atacantes remotos evadir restricciones intencionadas a trav\u00e9s de un car\u00e1cter de espacio sin escape en una URI."
    }
  ],
  "id": "CVE-2013-4547",
  "lastModified": "2024-11-21T01:55:48.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-23T18:55:04.687",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55757"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55822"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55825"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2802"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-23 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:novell:suse_lifecycle_management_server:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6001DB-C6AC-467F-8BDB-9FE8E59DAFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74BCA435-7594-49E8-9BAE-9E02E129B6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:webyast:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDC5169C-7B9A-4269-92F4-638374B79CD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file."
    },
    {
      "lang": "es",
      "value": "WebYaST v1.3 usa permisos d\u00e9biles en config/initializers/secret_token.rb, lo que permite a usuarios locales obtener privilegios mediante la lectura del token secreto de Rails de este archivo."
    }
  ],
  "id": "CVE-2013-3709",
  "lastModified": "2024-11-21T01:54:09.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-23T23:55:04.093",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=851116"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=851116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201311-0399
Vulnerability from variot

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 http://advisories.mageia.org/MGASA-2013-0349.html


Updated Packages:

Mandriva Business Server 1/X86_64: ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Debian Security Advisory DSA-2802-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq


Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012

Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.

The oldstable distribution (squeeze) is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2.

For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.

We recommend that you upgrade your nginx packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO 3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6 Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6 OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw== =ttYS -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0399",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "lifecycle management server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.8.41"
      },
      {
        "model": "nginx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.5.6"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.5.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.2"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.4.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": "webyast",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.5.7"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.5.x"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "0.8.41 to  1.4.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.4"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.4.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.4.2"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.7"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.6"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.4.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.8"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.1.17"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.14"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.10"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.9"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.8"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.40"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.1.19"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.15"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.4.4",
                "versionStartIncluding": "0.8.41",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.6",
                "versionStartIncluding": "1.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:suse:lifecycle_management_server:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:webyast:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan Fratric of the Google Security Team",
    "sources": [
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-4547",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2013-4547",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-64549",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-4547",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201311-336",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-64549",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-4547",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nnginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547\n http://advisories.mageia.org/MGASA-2013-0349.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n ee03201627b548e26667eec1e5ac7dae  mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm \n 6404dde21b871054a663171b5460fac8  mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2802-1                   security@debian.org\nhttp://www.debian.org/security/                           Thijs Kinkhorst\nNovember 21, 2013                      http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : nginx\nVulnerability  : restriction bypass\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2013-4547\nDebian Bug     : 730012\n\nIvan Fratric of the Google Security Team discovered a bug in nginx,\na web server, which might allow an attacker to bypass security\nrestrictions by using a specially crafted request. \n\nThe oldstable distribution (squeeze) is not affected by this problem. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST\nq9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO\n3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6\nDdh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6\nOHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f\nvAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw==\n=ttYS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "db": "PACKETSTORM",
        "id": "124145"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-64549",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38846",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-4547",
        "trust": 3.1
      },
      {
        "db": "SECUNIA",
        "id": "55825",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "55757",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "55822",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "63814",
        "trust": 0.5
      },
      {
        "db": "PACKETSTORM",
        "id": "124145",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "124159",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38846",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-64549",
        "trust": 0.1
      },
      {
        "db": "EXPLOITDB",
        "id": "38846",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "db": "PACKETSTORM",
        "id": "124145"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "id": "VAR-201311-0399",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:21:32.796000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2802",
        "trust": 0.8,
        "url": "http://www.debian.org/security/2013/dsa-2802"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://nginx.com/"
      },
      {
        "title": "SUSE-SU-2013:1895",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
      },
      {
        "title": "openSUSE-SU-2013:1791",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
      },
      {
        "title": "openSUSE-SU-2013:1792",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
      },
      {
        "title": "openSUSE-SU-2013:1745",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
      },
      {
        "title": "nginx-1.5.7",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48998"
      },
      {
        "title": "nginx-1.4.4",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48997"
      },
      {
        "title": "nginx-1.4.4",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48996"
      },
      {
        "title": "nginx-1.4.4",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=49035"
      },
      {
        "title": "nginx-1.5.7",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48999"
      },
      {
        "title": "Debian CVElist Bug Report Logs: nginx: CVE-2013-4547",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f4bb5a4a182af6a4c8ca260ef90a3d69"
      },
      {
        "title": "Debian Security Advisories: DSA-2802-1 nginx -- restriction bypass",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0e9f3c319e9988b421581c9d566c73e5"
      },
      {
        "title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2013-249",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-249"
      },
      {
        "title": "DVWA-Note",
        "trust": 0.1,
        "url": "https://github.com/dhgdhg/dvwa- "
      },
      {
        "title": "DVWA-Note",
        "trust": 0.1,
        "url": "https://github.com/twfb/dvwa-note "
      },
      {
        "title": "DVWA-Note",
        "trust": 0.1,
        "url": "https://github.com/dhgdhg/dvwa "
      },
      {
        "title": "usn-search",
        "trust": 0.1,
        "url": "https://github.com/lukeber4/usn-search "
      },
      {
        "title": "Vision",
        "trust": 0.1,
        "url": "https://github.com/coolervoid/vision "
      },
      {
        "title": "Vision2",
        "trust": 0.1,
        "url": "https://github.com/coolervoid/vision2 "
      },
      {
        "title": "woodswiki",
        "trust": 0.1,
        "url": "https://github.com/woods-sega/woodswiki "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-116",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.debian.org/security/2012/dsa-2802"
      },
      {
        "trust": 2.1,
        "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/55757"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/55822"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/55825"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4547"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4547"
      },
      {
        "trust": 0.3,
        "url": "http://nginx.org/download/patch.2013.space.txt"
      },
      {
        "trust": 0.3,
        "url": "http://nginx.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671931"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4547"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/116.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dhgdhg/dvwa-"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/38846/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/63814"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/./dsa-2802"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2013-0349.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "db": "PACKETSTORM",
        "id": "124145"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "db": "PACKETSTORM",
        "id": "124145"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "date": "2013-11-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "date": "2013-11-19T00:00:00",
        "db": "BID",
        "id": "63814"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "date": "2013-11-25T17:07:04",
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "date": "2013-11-22T21:29:14",
        "db": "PACKETSTORM",
        "id": "124145"
      },
      {
        "date": "2013-11-23T18:55:04.687000",
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "date": "2013-11-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "date": "2021-11-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "date": "2015-05-07T17:10:00",
        "db": "BID",
        "id": "63814"
      },
      {
        "date": "2013-12-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "date": "2021-11-10T15:59:33.657000",
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "date": "2023-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nginx Vulnerabilities that bypass restrictions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ],
    "trust": 0.6
  }
}

var-201312-0118
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to RubyGems i18n 0.6.6, and 0.5.1 are vulnerable.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.6-6+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 3.2.16-3+0 of the rails-3.2 source package.

We recommend that you upgrade your ruby-actionpack-3.2 packages. Relevant releases/architectures:

OpenStack 3 - noarch

  1. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: Subscription Asset Manager 1.4 security update Advisory ID: RHSA-2014:1863-01 Product: Red Hat Subscription Asset Manager Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1863.html Issue date: 2014-11-17 CVE Names: CVE-2013-1854 CVE-2013-1855 CVE-2013-1857 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2014-0130 =====================================================================

  1. Summary:

Updated Subscription Asset Manager 1.4 packages that fix multiple security issues are now available.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Subscription Asset Manager for RHEL 6 Server - noarch

  1. Description:

Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. (CVE-2014-0130)

A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected. (CVE-2013-1854)

Two cross-site scripting (XSS) flaws were found in Action Pack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Action Pack. A remote attacker could possibly use this flaw to perform a reflective cross-site scripting (XSS) attack by providing a specially crafted input to an application using the aforementioned component. (CVE-2013-4491)

A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed. (CVE-2013-6414)

It was found that the number_to_currency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user in the unit parameter. (CVE-2013-6415)

Red Hat would like to thank Ruby on Rails upstream for reporting these issues. Upstream acknowledges Ben Murphy as the original reporter of CVE-2013-1854, Charlie Somerville as the original reporter of CVE-2013-1855, Alan Jenkins as the original reporter of CVE-2013-1857, Peter McLarnan as the original reporter of CVE-2013-4491, Toby Hsieh as the original reporter of CVE-2013-6414, and Ankit Gupta as the original reporter of CVE-2013-6415.

All Subscription Asset Manager users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

921329 - CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability 921331 - CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css 921335 - CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails 1036483 - CVE-2013-6414 rubygem-actionpack: Action View DoS 1036910 - CVE-2013-6415 rubygem-actionpack: number_to_currency XSS 1036922 - CVE-2013-4491 rubygem-actionpack: i18n missing translation XSS 1095105 - CVE-2014-0130 rubygem-actionpack: directory traversal issue

  1. Package List:

Red Hat Subscription Asset Manager for RHEL 6 Server:

Source: katello-1.4.3.28-1.el6sam_splice.src.rpm ruby193-rubygem-actionmailer-3.2.17-1.el6sam.src.rpm ruby193-rubygem-actionpack-3.2.17-6.el6sam.src.rpm ruby193-rubygem-activemodel-3.2.17-1.el6sam.src.rpm ruby193-rubygem-activerecord-3.2.17-5.el6sam.src.rpm ruby193-rubygem-activeresource-3.2.17-1.el6sam.src.rpm ruby193-rubygem-activesupport-3.2.17-2.el6sam.src.rpm ruby193-rubygem-i18n-0.6.9-1.el6sam.src.rpm ruby193-rubygem-mail-2.5.4-1.el6sam.src.rpm ruby193-rubygem-rack-1.4.5-3.el6sam.src.rpm ruby193-rubygem-rails-3.2.17-1.el6sam.src.rpm ruby193-rubygem-railties-3.2.17-1.el6sam.src.rpm

noarch: katello-common-1.4.3.28-1.el6sam_splice.noarch.rpm katello-glue-candlepin-1.4.3.28-1.el6sam_splice.noarch.rpm katello-glue-elasticsearch-1.4.3.28-1.el6sam_splice.noarch.rpm katello-headpin-1.4.3.28-1.el6sam_splice.noarch.rpm katello-headpin-all-1.4.3.28-1.el6sam_splice.noarch.rpm ruby193-rubygem-actionmailer-3.2.17-1.el6sam.noarch.rpm ruby193-rubygem-actionpack-3.2.17-6.el6sam.noarch.rpm ruby193-rubygem-activemodel-3.2.17-1.el6sam.noarch.rpm ruby193-rubygem-activerecord-3.2.17-5.el6sam.noarch.rpm ruby193-rubygem-activeresource-3.2.17-1.el6sam.noarch.rpm ruby193-rubygem-activesupport-3.2.17-2.el6sam.noarch.rpm ruby193-rubygem-i18n-0.6.9-1.el6sam.noarch.rpm ruby193-rubygem-mail-2.5.4-1.el6sam.noarch.rpm ruby193-rubygem-rack-1.4.5-3.el6sam.noarch.rpm ruby193-rubygem-rails-3.2.17-1.el6sam.noarch.rpm ruby193-rubygem-railties-3.2.17-1.el6sam.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-1854 https://access.redhat.com/security/cve/CVE-2013-1855 https://access.redhat.com/security/cve/CVE-2013-1857 https://access.redhat.com/security/cve/CVE-2013-4491 https://access.redhat.com/security/cve/CVE-2013-6414 https://access.redhat.com/security/cve/CVE-2013-6415 https://access.redhat.com/security/cve/CVE-2014-0130 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFUai7iXlSAg2UNWIIRAmtEAJ9m+ZUXuva81fLz9G1CLKYi5aJoHACfcd3y SoVal0zNgx0pwtSAkS1q5/0= =i5aK -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0118",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruby on rails",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rubyonrails",
        "version": "3.2.14"
      },
      {
        "model": "ruby on rails",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rubyonrails",
        "version": "3.2.15"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.19"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.13"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.7"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.17"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.7"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.16"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.11"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.9"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.6"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.9"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.3"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.20"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.9"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.2"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.5"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.4"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "4.0.1"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.1"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.8"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.12"
      },
      {
        "model": "ruby on rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.4"
      },
      {
        "model": "ruby on rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.11"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.1"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.4"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.0"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.3"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.12"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.13"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.6"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.4"
      },
      {
        "model": "ruby on rails",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.15"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.10"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.2"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.2"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.10"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.8"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.3"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.11"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.0"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.5"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.14"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.10"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.5"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "4.0.0"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.6"
      },
      {
        "model": "rails",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "4.0.1"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.8"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.7"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.1.0"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.2.1"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rubyonrails",
        "version": "3.0.18"
      },
      {
        "model": "rails",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ruby on rails",
        "version": "4.x"
      },
      {
        "model": "rails",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ruby on rails",
        "version": "3.x"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ruby on rails",
        "version": "3.2.16"
      },
      {
        "model": "rails",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ruby on rails",
        "version": "4.0.2"
      },
      {
        "model": "ruby on rails",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rubyonrails",
        "version": "3.2.12"
      },
      {
        "model": "ruby on rails",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rubyonrails",
        "version": "3.2.13"
      },
      {
        "model": "webyast",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "lifecycle management server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.2"
      },
      {
        "model": "i18n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rubygems",
        "version": "0.6.5"
      },
      {
        "model": "i18n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rubygems",
        "version": "0.5.0"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "4.0.1"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "4.0"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.13"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.12"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.11"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.10"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.8"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.7"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.6"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.4"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.2"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.12"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.11"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.9"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.8"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.7"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.6"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.5"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.4"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.2"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.0.6"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.15"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.0.8"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.0.7"
      },
      {
        "model": "software collections for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1"
      },
      {
        "model": "chef",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.1.2"
      },
      {
        "model": "security network protection xgs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "security network protection xgs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "security network protection xgs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "i18n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rubygems",
        "version": "0.6.6"
      },
      {
        "model": "i18n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rubygems",
        "version": "0.5.1"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "4.0.2"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.16"
      },
      {
        "model": "puppet enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.1"
      },
      {
        "model": "chef",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.1.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-123"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:-:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4491"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Peter McLarnan of Matasano Security.",
    "sources": [
      {
        "db": "BID",
        "id": "64076"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-4491",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-4491",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-4491",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-123",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-123"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nVersions prior to  RubyGems i18n 0.6.6, and 0.5.1 are vulnerable. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.6-6+deb7u1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.16-3+0 of the rails-3.2 source package. \n\nWe recommend that you upgrade your ruby-actionpack-3.2 packages. Relevant releases/architectures:\n\nOpenStack 3 - noarch\n\n3. \nAn application using a third party library, which uses the Rack::Request\ninterface, or custom Rack middleware could bypass the protection\nimplemented to fix the CVE-2013-0155 vulnerability, causing the application\nto receive unsafe parameters and become vulnerable to CVE-2013-0155. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Subscription Asset Manager 1.4 security update\nAdvisory ID:       RHSA-2014:1863-01\nProduct:           Red Hat Subscription Asset Manager\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1863.html\nIssue date:        2014-11-17\nCVE Names:         CVE-2013-1854 CVE-2013-1855 CVE-2013-1857 \n                   CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 \n                   CVE-2014-0130 \n=====================================================================\n\n1. Summary:\n\nUpdated Subscription Asset Manager 1.4 packages that fix multiple security\nissues are now available. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Subscription Asset Manager for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat Subscription Asset Manager acts as a proxy for handling\nsubscription information and software updates on client machines. Red Hat\nSubscription Asset Manager is built on Ruby on Rails, a\nmodel-view-controller (MVC) framework for web application development. \nAction Pack implements the controller and the view components. \n\nA directory traversal flaw was found in the way Ruby on Rails handled\nwildcard segments in routes with implicit rendering. A remote attacker\ncould use this flaw to retrieve arbitrary local files accessible to a Ruby\non Rails application using the aforementioned routes via a specially\ncrafted request. (CVE-2014-0130)\n\nA flaw was found in the way Ruby on Rails handled hashes in certain\nqueries. A remote attacker could use this flaw to perform a denial of\nservice (resource consumption) attack by sending specially crafted queries\nthat would result in the creation of Ruby symbols, which were never garbage\ncollected. (CVE-2013-1854)\n\nTwo cross-site scripting (XSS) flaws were found in Action Pack. A remote\nattacker could use these flaws to conduct XSS attacks against users of an\napplication using Action Pack. A remote attacker could possibly use this flaw to\nperform a reflective cross-site scripting (XSS) attack by providing a\nspecially crafted input to an application using the aforementioned\ncomponent. (CVE-2013-4491)\n\nA denial of service flaw was found in the header handling component of\nAction View. A remote attacker could send strings in specially crafted\nheaders that would be cached indefinitely, which would result in all\navailable system memory eventually being consumed. (CVE-2013-6414)\n\nIt was found that the number_to_currency Action View helper did not\nproperly escape the unit parameter. An attacker could use this flaw to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user in the unit parameter. (CVE-2013-6415)\n\nRed Hat would like to thank Ruby on Rails upstream for reporting these\nissues. Upstream acknowledges Ben Murphy as the original reporter of\nCVE-2013-1854, Charlie Somerville as the original reporter of\nCVE-2013-1855, Alan Jenkins as the original reporter of CVE-2013-1857,\nPeter McLarnan as the original reporter of CVE-2013-4491, Toby Hsieh as the\noriginal reporter of CVE-2013-6414, and Ankit Gupta as the original\nreporter of CVE-2013-6415. \n\nAll Subscription Asset Manager users are advised to upgrade to these\nupdated packages, which contain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n921329 - CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability\n921331 - CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css\n921335 - CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the  helper of Ruby on Rails\n1036483 - CVE-2013-6414 rubygem-actionpack: Action View DoS\n1036910 - CVE-2013-6415 rubygem-actionpack: number_to_currency XSS\n1036922 - CVE-2013-4491 rubygem-actionpack: i18n missing translation XSS\n1095105 - CVE-2014-0130 rubygem-actionpack: directory traversal issue\n\n6. Package List:\n\nRed Hat Subscription Asset Manager for RHEL 6 Server:\n\nSource:\nkatello-1.4.3.28-1.el6sam_splice.src.rpm\nruby193-rubygem-actionmailer-3.2.17-1.el6sam.src.rpm\nruby193-rubygem-actionpack-3.2.17-6.el6sam.src.rpm\nruby193-rubygem-activemodel-3.2.17-1.el6sam.src.rpm\nruby193-rubygem-activerecord-3.2.17-5.el6sam.src.rpm\nruby193-rubygem-activeresource-3.2.17-1.el6sam.src.rpm\nruby193-rubygem-activesupport-3.2.17-2.el6sam.src.rpm\nruby193-rubygem-i18n-0.6.9-1.el6sam.src.rpm\nruby193-rubygem-mail-2.5.4-1.el6sam.src.rpm\nruby193-rubygem-rack-1.4.5-3.el6sam.src.rpm\nruby193-rubygem-rails-3.2.17-1.el6sam.src.rpm\nruby193-rubygem-railties-3.2.17-1.el6sam.src.rpm\n\nnoarch:\nkatello-common-1.4.3.28-1.el6sam_splice.noarch.rpm\nkatello-glue-candlepin-1.4.3.28-1.el6sam_splice.noarch.rpm\nkatello-glue-elasticsearch-1.4.3.28-1.el6sam_splice.noarch.rpm\nkatello-headpin-1.4.3.28-1.el6sam_splice.noarch.rpm\nkatello-headpin-all-1.4.3.28-1.el6sam_splice.noarch.rpm\nruby193-rubygem-actionmailer-3.2.17-1.el6sam.noarch.rpm\nruby193-rubygem-actionpack-3.2.17-6.el6sam.noarch.rpm\nruby193-rubygem-activemodel-3.2.17-1.el6sam.noarch.rpm\nruby193-rubygem-activerecord-3.2.17-5.el6sam.noarch.rpm\nruby193-rubygem-activeresource-3.2.17-1.el6sam.noarch.rpm\nruby193-rubygem-activesupport-3.2.17-2.el6sam.noarch.rpm\nruby193-rubygem-i18n-0.6.9-1.el6sam.noarch.rpm\nruby193-rubygem-mail-2.5.4-1.el6sam.noarch.rpm\nruby193-rubygem-rack-1.4.5-3.el6sam.noarch.rpm\nruby193-rubygem-rails-3.2.17-1.el6sam.noarch.rpm\nruby193-rubygem-railties-3.2.17-1.el6sam.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-1854\nhttps://access.redhat.com/security/cve/CVE-2013-1855\nhttps://access.redhat.com/security/cve/CVE-2013-1857\nhttps://access.redhat.com/security/cve/CVE-2013-4491\nhttps://access.redhat.com/security/cve/CVE-2013-6414\nhttps://access.redhat.com/security/cve/CVE-2013-6415\nhttps://access.redhat.com/security/cve/CVE-2014-0130\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUai7iXlSAg2UNWIIRAmtEAJ9m+ZUXuva81fLz9G1CLKYi5aJoHACfcd3y\nSoVal0zNgx0pwtSAkS1q5/0=\n=i5aK\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      },
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "PACKETSTORM",
        "id": "125923"
      },
      {
        "db": "PACKETSTORM",
        "id": "124669"
      },
      {
        "db": "PACKETSTORM",
        "id": "124305"
      },
      {
        "db": "PACKETSTORM",
        "id": "129131"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-4491",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "64076",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "57836",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-123",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "125923",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124669",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124305",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129131",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      },
      {
        "db": "PACKETSTORM",
        "id": "125923"
      },
      {
        "db": "PACKETSTORM",
        "id": "124669"
      },
      {
        "db": "PACKETSTORM",
        "id": "124305"
      },
      {
        "db": "PACKETSTORM",
        "id": "129131"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-123"
      }
    ]
  },
  "id": "VAR-201312-0118",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.24090908
  },
  "last_update_date": "2023-12-18T11:02:55.991000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Enterprise Chef 11.1.3 Release",
        "trust": 0.8,
        "url": "https://www.chef.io/blog/2014/04/09/enterprise-chef-11-1-3-release/"
      },
      {
        "title": "[CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails",
        "trust": 0.8,
        "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/plrh6duw998/blfeyio4k_ej"
      },
      {
        "title": "openSUSE-SU-2013:1904",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"
      },
      {
        "title": "openSUSE-SU-2013:1906",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"
      },
      {
        "title": "openSUSE-SU-2013:1907",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"
      },
      {
        "title": "Rails 3.2.16 and 4.0.2 have been released!",
        "trust": 0.8,
        "url": "http://weblog.rubyonrails.org/2013/12/3/rails_3_2_16_and_4_0_2_have_been_released/"
      },
      {
        "title": "RHSA-2014:1863",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1863.html"
      },
      {
        "title": "RHSA-2014:0008",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0008.html"
      },
      {
        "title": "RHSA-2013:1794",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2013-1794.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4491"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0008.html"
      },
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2013-1794.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1863.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/57836"
      },
      {
        "trust": 1.6,
        "url": "http://weblog.rubyonrails.org/2013/12/3/rails_3_2_16_and_4_0_2_have_been_released/"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2014/dsa-2888"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/64076"
      },
      {
        "trust": 1.6,
        "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/plrh6duw998/blfeyio4k_ej"
      },
      {
        "trust": 1.6,
        "url": "https://puppet.com/security/cve/cve-2013-4491"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4491"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4491"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6414"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4491"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6415"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036922"
      },
      {
        "trust": 0.3,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
      },
      {
        "trust": 0.3,
        "url": "http://puppetlabs.com/security/cve/cve-2013-4491"
      },
      {
        "trust": 0.3,
        "url": "http://www.rubyonrails.com/"
      },
      {
        "trust": 0.3,
        "url": "rubygems.org/gems/i18n"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665279"
      },
      {
        "trust": 0.3,
        "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140734-1.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6417"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-6414.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-6417.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/site/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-4491.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-6415.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4389"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-1855"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-1857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1857"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-4491"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-1854"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0130"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0130"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-6415"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1854"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1855"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-6414"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      },
      {
        "db": "PACKETSTORM",
        "id": "125923"
      },
      {
        "db": "PACKETSTORM",
        "id": "124669"
      },
      {
        "db": "PACKETSTORM",
        "id": "124305"
      },
      {
        "db": "PACKETSTORM",
        "id": "129131"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-123"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      },
      {
        "db": "PACKETSTORM",
        "id": "125923"
      },
      {
        "db": "PACKETSTORM",
        "id": "124669"
      },
      {
        "db": "PACKETSTORM",
        "id": "124305"
      },
      {
        "db": "PACKETSTORM",
        "id": "129131"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-123"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-03T00:00:00",
        "db": "BID",
        "id": "64076"
      },
      {
        "date": "2013-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      },
      {
        "date": "2014-03-28T19:44:00",
        "db": "PACKETSTORM",
        "id": "125923"
      },
      {
        "date": "2014-01-06T23:18:51",
        "db": "PACKETSTORM",
        "id": "124669"
      },
      {
        "date": "2013-12-06T01:04:06",
        "db": "PACKETSTORM",
        "id": "124305"
      },
      {
        "date": "2014-11-17T23:30:56",
        "db": "PACKETSTORM",
        "id": "129131"
      },
      {
        "date": "2013-12-07T00:55:03.553000",
        "db": "NVD",
        "id": "CVE-2013-4491"
      },
      {
        "date": "2013-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-123"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-13T21:56:00",
        "db": "BID",
        "id": "64076"
      },
      {
        "date": "2015-08-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      },
      {
        "date": "2019-08-08T15:42:45.623000",
        "db": "NVD",
        "id": "CVE-2013-4491"
      },
      {
        "date": "2019-08-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-123"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-123"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ruby on Rails of  internationalization Component cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005367"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "125923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-123"
      }
    ],
    "trust": 0.7
  }
}

var-201312-0119
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to RubyGems i18n 0.6.6, and 0.5.1 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Debian Security Advisory DSA-2830-1 security@debian.org http://www.debian.org/security/ Florian Weiemr December 30, 2013 http://www.debian.org/security/faq


Package : ruby-i18n Vulnerability : cross-site scripting Problem type : remote Debian-specific: no CVE ID : CVE-2013-4492

Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package.

The oldstable distribution (squeeze) is not affected by this problem; the libi18n-ruby package does not contain the vulnerable code.

For the stable distribution (wheezy), this problem has been fixed in version 0.6.0-3+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 0.6.9-1.

We recommend that you upgrade your ruby-i18n packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJSwfRdAAoJEL97/wQC1SS+xwAH/iI7ga/tjp1b8r//lKu3BBt5 GClsPWVKd9TBEYGHTM2ipskSU9+EDOkt/vhWH9TK2C5BA0eo68b6I2Gg8Z+BQzGa SwfQmnIee/UX3gFi+mRnppyNp1WqAxEXvRNN/1JCiVevZAUEicnUx36xUn7paLIi T+I2iae9LrCrP11XtU0KzNeg3ktt5QOTvOHIjlsdXoDHqT8EzjGalk99qA4fVK0I FU2as0zhN6aZtnivhoIuc4P3u4XYoKhK7R4BL4bwW1KzSr4/LqZ2PAOLRexyWDwV HJdfcR3WyRvpuxQKVFU9XF+agjBhWU98B8BWaC7O7aTsFYpwtHdtRN6PGJgCXUA= =GovW -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0119",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "i18n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "i18n",
        "version": "0.6.5"
      },
      {
        "model": "i18n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "sven fuchs",
        "version": "0.6.6"
      },
      {
        "model": "i18n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ruby i18n",
        "version": "0.6.5"
      },
      {
        "model": "webyast",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "lifecycle management server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.2"
      },
      {
        "model": "i18n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rubygems",
        "version": "0.6.5"
      },
      {
        "model": "i18n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rubygems",
        "version": "0.5.0"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "4.0.1"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "4.0"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.13"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.12"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.11"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.10"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.8"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.7"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.6"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.4"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.2"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.12"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.11"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.9"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.8"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.7"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.6"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.5"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.4"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1.2"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.1"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.0.6"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.15"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.0.8"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.0.7"
      },
      {
        "model": "software collections for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1"
      },
      {
        "model": "chef",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.1.2"
      },
      {
        "model": "security network protection xgs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "security network protection xgs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "security network protection xgs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "i18n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rubygems",
        "version": "0.6.6"
      },
      {
        "model": "i18n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rubygems",
        "version": "0.5.1"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "4.0.2"
      },
      {
        "model": "on rails ruby on rails",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ruby",
        "version": "3.2.16"
      },
      {
        "model": "puppet enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.1"
      },
      {
        "model": "chef",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.1.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:i18n_project:i18n:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.6.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4492"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Peter McLarnan of Matasano Security.",
    "sources": [
      {
        "db": "BID",
        "id": "64076"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-4492",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-4492",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-4492",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-124",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nVersions prior to  RubyGems i18n 0.6.6, and 0.5.1 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2830-1                   security@debian.org\nhttp://www.debian.org/security/                            Florian Weiemr\nDecember 30, 2013                      http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : ruby-i18n\nVulnerability  : cross-site scripting\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2013-4492\n\nPeter McLarnan discovered that the internationalization component of\nRuby on Rails does not properly encode parameters in generated HTML\ncode, resulting in a cross-site scripting vulnerability.  This update\ncorrects the underlying vulnerability in the i18n gem, as provided by\nthe ruby-i18n package. \n\nThe oldstable distribution (squeeze) is not affected by this problem;\nthe libi18n-ruby package does not contain the vulnerable code. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.6.0-3+deb7u1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.6.9-1. \n\nWe recommend that you upgrade your ruby-i18n packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niQEcBAEBAgAGBQJSwfRdAAoJEL97/wQC1SS+xwAH/iI7ga/tjp1b8r//lKu3BBt5\nGClsPWVKd9TBEYGHTM2ipskSU9+EDOkt/vhWH9TK2C5BA0eo68b6I2Gg8Z+BQzGa\nSwfQmnIee/UX3gFi+mRnppyNp1WqAxEXvRNN/1JCiVevZAUEicnUx36xUn7paLIi\nT+I2iae9LrCrP11XtU0KzNeg3ktt5QOTvOHIjlsdXoDHqT8EzjGalk99qA4fVK0I\nFU2as0zhN6aZtnivhoIuc4P3u4XYoKhK7R4BL4bwW1KzSr4/LqZ2PAOLRexyWDwV\nHJdfcR3WyRvpuxQKVFU9XF+agjBhWU98B8BWaC7O7aTsFYpwtHdtRN6PGJgCXUA=\n=GovW\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4492"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "PACKETSTORM",
        "id": "124627"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-4492",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "64076",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-124",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "124627",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "db": "PACKETSTORM",
        "id": "124627"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ]
  },
  "id": "VAR-201312-0119",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.24090908
  },
  "last_update_date": "2023-12-18T11:10:16.683000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "The I18n::MissingTranslation exception escapes key names for its html_message",
        "trust": 0.8,
        "url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445"
      },
      {
        "title": "[CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails",
        "trust": 0.8,
        "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/plrh6duw998/blfeyio4k_ej"
      },
      {
        "title": "Rails 3.2.16 and 4.0.2 have been released!",
        "trust": 0.8,
        "url": "http://weblog.rubyonrails.org/2013/12/3/rails_3_2_16_and_4_0_2_have_been_released/"
      },
      {
        "title": "i18n",
        "trust": 0.8,
        "url": "http://rubygems.org/gems/i18n"
      },
      {
        "title": "lib-i18n-exceptions.rb",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=46892"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4492"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html"
      },
      {
        "trust": 1.6,
        "url": "http://weblog.rubyonrails.org/2013/12/3/rails_3_2_16_and_4_0_2_have_been_released/"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2013/dsa-2830"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/64076"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445"
      },
      {
        "trust": 1.6,
        "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/plrh6duw998/blfeyio4k_ej"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4492"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4492"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039435"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2013-4492"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2017:0320"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhba-2015:1100"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2018:0380"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036922"
      },
      {
        "trust": 0.3,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
      },
      {
        "trust": 0.3,
        "url": "http://puppetlabs.com/security/cve/cve-2013-4491"
      },
      {
        "trust": 0.3,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
      },
      {
        "trust": 0.3,
        "url": "http://www.rubyonrails.com/"
      },
      {
        "trust": 0.3,
        "url": "rubygems.org/gems/i18n"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0008.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2013-1794.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665279"
      },
      {
        "trust": 0.3,
        "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140734-1.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4492"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "db": "PACKETSTORM",
        "id": "124627"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "64076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "db": "PACKETSTORM",
        "id": "124627"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-03T00:00:00",
        "db": "BID",
        "id": "64076"
      },
      {
        "date": "2013-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "date": "2013-12-31T14:01:56",
        "db": "PACKETSTORM",
        "id": "124627"
      },
      {
        "date": "2013-12-07T00:55:03.663000",
        "db": "NVD",
        "id": "CVE-2013-4492"
      },
      {
        "date": "2013-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-13T21:56:00",
        "db": "BID",
        "id": "64076"
      },
      {
        "date": "2013-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      },
      {
        "date": "2023-02-13T04:47:02.933000",
        "db": "NVD",
        "id": "CVE-2013-4492"
      },
      {
        "date": "2023-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ruby for  i18n gem of  exceptions.rb Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005372"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "124627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-124"
      }
    ],
    "trust": 0.7
  }
}

var-201112-0347
Vulnerability from variot

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. nginx is prone to a remote heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to nginx 1.0.10 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22


                                        http://security.gentoo.org/

Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22


Synopsis

Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.

Background

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 www-servers/nginx < 1.0.14 >= 1.0.14

Description

Multiple vulnerabilities have been found in nginx:

  • The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
  • The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
  • nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
  • The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
  • nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).

Workaround

There is no known workaround at this time.

Resolution

All nginx users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"

References

[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201203-22.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------

Secunia is hiring!

Find your next job here:

http://secunia.com/company/jobs/


TITLE: nginx DNS Response Handling Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46798

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46798

RELEASE DATE: 2011-11-17

DISCUSS ADVISORY: http://secunia.com/advisories/46798/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/46798/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=46798

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in nginx, which can be exploited by malicious people to potentially compromise a vulnerable system.

Successful exploitation may allow execution of arbitrary code but requires that the custom DNS resolver is enabled (disabled by default).

SOLUTION: Update to version 1.0.10.

PROVIDED AND/OR DISCOVERED BY: Ben Hawkes

ORIGINAL ADVISORY: nginx: http://nginx.org/en/CHANGES-1.0

Ben Hawkes: http://www.openwall.com/lists/oss-security/2011/11/17/8

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


. ----------------------------------------------------------------------

Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0347",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webyast",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "1.2"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "1.2"
      },
      {
        "model": "studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "1.2"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.0.10"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.6.18"
      },
      {
        "model": "nginx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.1.7"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "16"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.1.0"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.0.10"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.0.9"
      },
      {
        "model": "studio standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.9"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.8"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.41"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.36"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.35"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.33"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.32"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.15"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.14"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.7.66"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.7.65"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.7.64"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.7.62"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.7.61"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.7"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.6.39"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.6.38"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.6.36"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.6.32"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.6"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.5.38"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.5.37"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "sysoev nginx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.10"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "50710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.10",
                "versionStartIncluding": "0.6.18",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.7",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:suse:studio:1.2:*:*:*:standard:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:studio_onsite:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:webyast:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4315"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben Hawkes",
    "sources": [
      {
        "db": "BID",
        "id": "50710"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4315",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2011-4315",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-52260",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4315",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201111-315",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52260",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. nginx is prone to a remote heap-based buffer-overflow vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to nginx 1.0.10 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: nginx: Multiple vulnerabilities\n     Date: March 28, 2012\n     Bugs: #293785, #293786, #293788, #389319, #408367\n       ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  www-servers/nginx            \u003c 1.0.14                  \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n  requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n  could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n  or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n  boundary error which could cause a heap-based buffer overflow\n  (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n  expose sensitive information (CVE-2012-1180). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nnginx DNS Response Handling Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA46798\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46798/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798\n\nRELEASE DATE:\n2011-11-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46798/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46798/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in nginx, which can be exploited by\nmalicious people to potentially compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code but\nrequires that the custom DNS resolver is enabled (disabled by\ndefault). \n\nSOLUTION:\nUpdate to version 1.0.10. \n\nPROVIDED AND/OR DISCOVERED BY:\nBen Hawkes\n\nORIGINAL ADVISORY:\nnginx:\nhttp://nginx.org/en/CHANGES-1.0\n\nBen Hawkes:\nhttp://www.openwall.com/lists/oss-security/2011/11/17/8\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes a weakness, a\nsecurity issue, and multiple vulnerabilities, which can be exploited\nby malicious people to disclose certain sensitive information, bypass\ncertain security restrictions, cause a DoS (Denial of Service),\nmanipulate certain data, and potentially compromise a vulnerable\nsystem",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "db": "BID",
        "id": "50710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52260"
      },
      {
        "db": "PACKETSTORM",
        "id": "111273"
      },
      {
        "db": "PACKETSTORM",
        "id": "107566"
      },
      {
        "db": "PACKETSTORM",
        "id": "107076"
      },
      {
        "db": "PACKETSTORM",
        "id": "111263"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4315",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "50710",
        "trust": 2.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2011/11/17/8",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "47097",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "48577",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2011/11/17/10",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-315",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "46798",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52260",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111273",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "107566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "107076",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111263",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52260"
      },
      {
        "db": "BID",
        "id": "50710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "db": "PACKETSTORM",
        "id": "111273"
      },
      {
        "db": "PACKETSTORM",
        "id": "107566"
      },
      {
        "db": "PACKETSTORM",
        "id": "107076"
      },
      {
        "db": "PACKETSTORM",
        "id": "111263"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ]
  },
  "id": "VAR-201112-0347",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52260"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:22:50.930000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CHANGES-1.0",
        "trust": 0.8,
        "url": "http://www.nginx.org/en/changes-1.0"
      },
      {
        "title": "4268 (nginx)",
        "trust": 0.8,
        "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
      },
      {
        "title": "nginx-1.0.10",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42000"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4315"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
      },
      {
        "trust": 1.8,
        "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/47097"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/48577"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/50710"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-december/070569.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://openwall.com/lists/oss-security/2011/11/17/8"
      },
      {
        "trust": 1.7,
        "url": "http://openwall.com/lists/oss-security/2011/11/17/10"
      },
      {
        "trust": 1.7,
        "url": "http://www.nginx.org/en/changes-1.0"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4315"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4315"
      },
      {
        "trust": 0.3,
        "url": "http://nginx.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.nginx.org/en/changes"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/company/jobs/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47097"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/47097/"
      },
      {
        "trust": 0.1,
        "url": "https://hermes.opensuse.org/messages/12768388"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/47097/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798"
      },
      {
        "trust": 0.1,
        "url": "http://www.openwall.com/lists/oss-security/2011/11/17/8"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46798/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46798/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://nginx.org/en/changes-1.0"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi_30_beta_launch"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/48577/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/48577/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52260"
      },
      {
        "db": "BID",
        "id": "50710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "db": "PACKETSTORM",
        "id": "111273"
      },
      {
        "db": "PACKETSTORM",
        "id": "107566"
      },
      {
        "db": "PACKETSTORM",
        "id": "107076"
      },
      {
        "db": "PACKETSTORM",
        "id": "111263"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-52260"
      },
      {
        "db": "BID",
        "id": "50710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "db": "PACKETSTORM",
        "id": "111273"
      },
      {
        "db": "PACKETSTORM",
        "id": "107566"
      },
      {
        "db": "PACKETSTORM",
        "id": "107076"
      },
      {
        "db": "PACKETSTORM",
        "id": "111263"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52260"
      },
      {
        "date": "2011-11-17T00:00:00",
        "db": "BID",
        "id": "50710"
      },
      {
        "date": "2011-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "date": "2012-03-29T02:37:12",
        "db": "PACKETSTORM",
        "id": "111273"
      },
      {
        "date": "2011-12-06T04:14:38",
        "db": "PACKETSTORM",
        "id": "107566"
      },
      {
        "date": "2011-11-17T02:29:24",
        "db": "PACKETSTORM",
        "id": "107076"
      },
      {
        "date": "2012-03-28T06:36:19",
        "db": "PACKETSTORM",
        "id": "111263"
      },
      {
        "date": "2011-12-08T20:55:01",
        "db": "NVD",
        "id": "CVE-2011-4315"
      },
      {
        "date": "2011-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52260"
      },
      {
        "date": "2015-04-13T21:13:00",
        "db": "BID",
        "id": "50710"
      },
      {
        "date": "2011-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      },
      {
        "date": "2021-11-10T15:54:43.753000",
        "db": "NVD",
        "id": "CVE-2011-4315"
      },
      {
        "date": "2023-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nginx Heap-based buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003324"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-315"
      }
    ],
    "trust": 0.6
  }
}