CVE-2013-1854

Related Files

Gentoo Linux Security Advisory 201412-28

Posted Dec 15, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-28 - Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code. Versions less than 2.3.18 are affected.

tags | advisory, arbitrary, vulnerability, ruby

systems | linux, gentoo

advisories | CVE-2010-3933, CVE-2011-0446, CVE-2011-0447, CVE-2011-0448, CVE-2011-0449, CVE-2011-2929, CVE-2011-2930, CVE-2011-2931, CVE-2011-2932, CVE-2011-3186, CVE-2013-0155, CVE-2013-0156, CVE-2013-0276, CVE-2013-0277, CVE-2013-0333, CVE-2013-1854, CVE-2013-1855, CVE-2013-1856, CVE-2013-1857

SHA-256 | 76dc0b7e4c9e8b791f80a766fcc8ca7f6bcd6698fbd68637fd46c0e03c25cb62

Download | Favorite | View

Red Hat Security Advisory 2014-1863-01

Posted Nov 17, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1863-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.

tags | advisory, remote, web, arbitrary, local, ruby

systems | linux, redhat

advisories | CVE-2013-1854, CVE-2013-1855, CVE-2013-1857, CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2014-0130

SHA-256 | 688dccb48f0fad7f4ed5bb8b5c284c3cde47754bf1f5692e7d244e4fdf120639

Download | Favorite | View

Apple Security Advisory 2013-06-04-1

Posted Jun 6, 2013

Authored by Apple | Site apple.com

Apple Security Advisory 2013-06-04-1 - OS X Mountain Lion version 10.8.4 and Security Update 2013-002 is now available and addresses over 30 security issues.

tags | advisory

systems | apple, osx

advisories | CVE-2012-2131, CVE-2012-2333, CVE-2012-4929, CVE-2012-5519, CVE-2013-0155, CVE-2013-0276, CVE-2013-0277, CVE-2013-0333, CVE-2013-0975, CVE-2013-0982, CVE-2013-0983, CVE-2013-0984, CVE-2013-0985, CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-0990, CVE-2013-1024, CVE-2013-1854, CVE-2013-1855, CVE-2013-1856, CVE-2013-1857

SHA-256 | 29c85f7c4991f40f099be32dac2f2a9438a7fc5388a3ae3de429d2a6ba9bb431

Download | Favorite | View

Red Hat Security Advisory 2013-0699-01

Posted Apr 2, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0699-01 - Ruby on Rails is a model–view–controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. A flaw was found in the way hashes were handled in certain queries. A remote attacker could use this flaw to perform a denial of service attack by sending specially-crafted queries that would result in the creation of Ruby symbols, which were never garbage collected.

tags | advisory, remote, web, denial of service, ruby

systems | linux, redhat

advisories | CVE-2013-1854

SHA-256 | b6902657cfe40401e0c98cb2a92a85ea972342fafdcaf8a44cc480e5c5cd61a1

Download | Favorite | View

Debian Security Advisory 2655-1

Posted Mar 29, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2655-1 - Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.

tags | advisory, web, denial of service, vulnerability, ruby

systems | linux, debian

advisories | CVE-2011-2932, CVE-2012-3464, CVE-2012-3465, CVE-2013-1854, CVE-2013-1855, CVE-2013-1857

SHA-256 | 4c3d58135661cc0677501ab58b5ab4b645bf6e20f7be676bc756293c4c589cf2

Download | Favorite | View