exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed


Status Candidate


The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

Related Files

Gentoo Linux Security Advisory 201412-27
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-27 - Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. Versions less than 2.0.0_p598 are affected.

tags | advisory, denial of service, vulnerability, ruby
systems | linux, gentoo
advisories | CVE-2011-0188, CVE-2011-1004, CVE-2011-1005, CVE-2011-4815, CVE-2012-4481, CVE-2012-5371, CVE-2013-0269, CVE-2013-1821, CVE-2013-4164, CVE-2014-8080, CVE-2014-8090
SHA-256 | 54e66264d3d6d38c3086840b65a1d59298b94700ea2d898a1673e706acdba6e8
Red Hat Security Advisory 2013-1185-01
Posted Aug 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1185-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss Fuse 6.0.0 patch 2 is an update to Red Hat JBoss Fuse 6.0.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-0269, CVE-2013-1768, CVE-2013-1821, CVE-2013-2160
SHA-256 | 0939186bded3bc21379c4815dec6ff27fa7ec3cd68880f3f51e0f782423a24ac
Red Hat Security Advisory 2013-1147-01
Posted Aug 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1147-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2012-5783, CVE-2013-0269, CVE-2013-1821
SHA-256 | 11be102b169787b03d6c2152f3add04d435de5e2cb57176df49df6ccdaf958a5
Red Hat Security Advisory 2013-1028-01
Posted Jul 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1028-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 roll up patch 1 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-5575, CVE-2013-0269, CVE-2013-1821, CVE-2013-2160
SHA-256 | dbfdd55df544378dcc45bbf34e83daecacebea4051e3922e1233975573bd1954
Red Hat Security Advisory 2013-0701-01
Posted Apr 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0701-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks by creating different types of malicious objects. For example, it could initiate a denial of service attack through resource consumption by using a JSON document to create arbitrary Ruby symbols, which were never garbage collected. It could also be exploited to create internal objects which could allow a SQL injection attack. It was found that documentation created by rubygem-rdoc and ruby193-rubygem-rdoc was vulnerable to a cross-site scripting attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As rubygem-rdoc and ruby193-rubygem-rdoc are used for creating documentation for Ruby source files, it is not a common scenario to make such documentation accessible over the network.

tags | advisory, remote, web, denial of service, arbitrary, xss, sql injection, ruby
systems | linux, redhat
advisories | CVE-2013-0256, CVE-2013-0269
SHA-256 | 21efbd85baf775bf343fbbe58aead019bee9fbcbd96c4e3f3a252fe9940c4e97
Red Hat Security Advisory 2013-0686-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0686-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-6116, CVE-2012-6119, CVE-2013-0256, CVE-2013-0263, CVE-2013-0269, CVE-2013-0276, CVE-2013-1823
SHA-256 | 0963c8e1d61d8ac6df642de01a0698f0b64aa8bfa0d30d87859ee165ddb3111b
Slackware Security Advisory - ruby Updates
Posted Mar 17, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-0269,CVE-2013-1821.

tags | advisory, ruby
systems | linux, slackware
advisories | CVE-2013-0269, CVE-2013-1821
SHA-256 | 70a8eb7a223701d6486e1e966e766e93b9134439ef37ecbdbb2e91516d3ffa3e
Ubuntu Security Notice USN-1733-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1733-1 - Jean-Philippe Aumasson discovered that Ruby incorrectly generated predictable hash values. An attacker could use this issue to generate hash collisions and cause a denial of service. Evgeny Ermakov discovered that documentation generated by rdoc is vulnerable to a cross-site scripting issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, xss, ruby
systems | linux, ubuntu
advisories | CVE-2012-5371, CVE-2013-0256, CVE-2013-0269, CVE-2012-5371, CVE-2013-0256, CVE-2013-0269
SHA-256 | dddd7e4c2113ee021334b4b14478e4a1ed7d308a57d26ab172def828073de257
Page 1 of 1

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By