CVE-2012-3464 – rubygem-actionpack: potential XSS vulnerability
https://notcve.org/view.php?id=CVE-2012-3464
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en activesupport/lib/active_support/core_ext/string/output_safety.rb en Ruby on Rails anteriores a v3.0.17, v3.1.x anteriores a v3.1.8, y 3.2.x anteriores a v3.2.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que implican el caracter ' (comilla). • http://rhn.redhat.com/errata/RHSA-2013-0154.html http://secunia.com/advisories/50694 http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain https://access.redhat.com/security/cve/CVE-2012-3464 https://bugzilla.redhat.com/show_bug.cgi?id=847199 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-3463 – rubygem-actionpack: potential XSS vulnerability in select_tag prompt
https://notcve.org/view.php?id=CVE-2012-3463
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en actionpack/lib/action_view/helpers/form_tag_helper.rb en Ruby on Rails v3.x anterior a v3.0.17, v3.1.x anterior a v3.1.8, y v3.2.x anterior a v3.2.8 permite la administración remota los atacantes para inyectar secuencias de comandos web o HTML a través del campo del sistema para el (helper) select_tag. • http://rhn.redhat.com/errata/RHSA-2013-0154.html http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain https://access.redhat.com/security/cve/CVE-2012-3463 https://bugzilla.redhat.com/show_bug.cgi?id=847196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-3424 – rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest
https://notcve.org/view.php?id=CVE-2012-3424
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method. El método decode_credentials method en actionpack/lib/action_controller/metal/http_authentication.rb en Ruby on Rails 3.x anterior a 3.0.16, 3.1.x anterior a 3.1.7, y 3.2.x anterior a 3.2.7 convierte las cadenas Digest Authentication a símbolos, lo que permite a atacantes remotos provocar una denegación de servicio aprovechando el acceso a una aplicación que se utiliza un método de ayuda with_http_digest, como se demostró con el método authenticate_or_request_with_http_digest. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html http://rhn.redhat.com/errata/RHSA-2013-0154.html http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain https://access.redhat.com/security/cve/CVE-2012-3424 https://bugzilla.redhat.com/show_bug.cgi?id=843711 • CWE-287: Improper Authentication •
CVE-2012-2695 – rubygem-activerecord: SQL injection when processing nested query paramaters (a different flaw than CVE-2012-2661)
https://notcve.org/view.php?id=CVE-2012-2695
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. El componente 'Active Record' en Ruby on Rails antes de la version v3.0.14, v3.1.x antes de v3.1.6 y v3.2.x antes de v3.2.6 no implementa correctamente el paso de los datos de la solicitud a un método 'where' en la clase ActiveRecord, lo que permite llevar a cabo determinados ataques de inyección SQL a atacantes remotos a través de los parámetros de consulta anidadas que aprovechan una indebida manipulación de los hashes anidados. Es un problema relacionado con el CVE-2012-2661. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html http://rhn.redhat.com/errata/RHSA-2013-0154.html https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain https://access.redhat.com/security/cve/CVE-2012-2695 https:/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-2660 – rubygem-actionpack: Unsafe query generation
https://notcve.org/view.php?id=CVE-2012-2660
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694. actionpack/lib/action_dispatch/http/request.rb en Ruby on Rails antes de v3.0.13, v3.1.x antes de v3.1.5 y v3.2.x antes de v3.2.4 no tienen debidamente en cuenta las diferencias en el manejo de parámetros entre el componente Active Record y la interfaz Rack, lo que permite a atacantes remotos evitar las restricciones de consulta de bases de datos y realizar comprobaciones de nulos a través de una solicitud hecha a mano, por ejemplo con valores "[nil]". Se trata de un problema relacionado con el CVE-2012-2694. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html http://rhn.redhat.com/errata/RHSA-2013-0154.html https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=g • CWE-264: Permissions, Privileges, and Access Controls •