CVE-2011-2932
https://notcve.org/view.php?id=CVE-2011-2932
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability." Vulnerabilidad de ejecución de secuencias comandos en sitios cruzados (XSS) en activesupport/lib/active_support/core_ext/string/output_safety.rb en Ruby on Rails v2.x antes de v2.3.13, v3.0.x antes de v3.0.10, y v3.1.x antes de v3.1.0.rc5 permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de cadenas Unicode malformadas, relacionado con una "vulnerabilidad de escapado UTF-8" • http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html http://secunia.com/advisories/45917 http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 http://www.openwall.com/lists/oss-security/2011/08/17/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-3187 – Ruby on Rails 3.0.5 - 'WEBrick::HTTPRequest' Module HTTP Header Injection
https://notcve.org/view.php?id=CVE-2011-3187
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. El método to_s en actionpack/lib/action_dispatch/middleware/remote_ip.rb en Ruby on Rails v3.0.5 no valida la cabecera X-Forwarded-For de las peticiones de direcciones IP en una red de Clase C, lo que podría permitir a atacantes remotos la ejecución de documentos de texto en los archivos de registro o evitar análisis de direcciones intencionadas a través de una cabecera modificada. • https://www.exploit-db.com/exploits/35352 http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html http://www.openwall.com/lists/oss-security/2011/08/17/1 http://www.openwall.com/lists/oss-security/2011/08/19/11 http://www.openwall.com/lists/oss-security/2011/08/20/1 http://www.openwall.com/lists/oss-security/2011/08/22/13 http://www.openwall.com/lists/oss-security/2011/08& • CWE-20: Improper Input Validation •
CVE-2011-2931
https://notcve.org/view.php?id=CVE-2011-2931
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name. Vulnerabilidad de ejecución de secuencias comandos en sitios cruzados (XSS) en strip_tags de actionpack/lib/action_controller/vendor/html-scanner/html/node.rb en Ruby on Rails v2.x antes de v2.3.13, v3.0.x antes de v3.0.10, y v3.1.x antes de v3.1.0.rc5 permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través una etiqueta con un nombre no válido. • http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html http://secunia.com/advisories/45921 http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 http://www.debian.org/security/2011/dsa-2301 http:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2197
https://notcve.org/view.php?id=CVE-2011-2197
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method. La característica de prevención de secuencias de comandos en sitios cruzados (XSS) de Ruby en Rails v2.x anterior a v2.3.12, v3.0.x anterior a v3.0.8, y v3.1.x anterior a v3.1.0.rc2 no maneja adecuadamente la mutación de búfers seguros, esto facilita a los atacantes remotos provocar ataques XSS a través de cadenas manipuladas de una aplicación que usa un método de cadena problemático, como se ha demostrado con el sub-método. • http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html http://openwall.com/lists/oss-security/2011/06/09/2 http://openwall.com/lists/oss-security/2011/06/13/9 http://secunia.com/advisories/44789 http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-0449
https://notcve.org/view.php?id=CVE-2011-0449
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x anteriores a v3.0.4, cuando un sistema de ficheros sensible a mayúsculas y minúsculas se utiliza, no se aplican adecuadamente los filtros asociados a la lista de plantillas disponibles, lo que permite a atacantes remotos evitar las restricciones de acceso previsto a través de un nombre de acción que utiliza un caso no deseado para los caracteres alfabéticos. • http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html http://secunia.com/advisories/43278 http://securitytracker.com/id?1025061 http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4 http://www.vupen.com/english/advisories/2011/0877 • CWE-264: Permissions, Privileges, and Access Controls •