CVE-2014-7818
https://notcve.org/view.php?id=CVE-2014-7818
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. Vulnerabilidad de salto de directorio en actionpack/lib/action_dispatch/middleware/static.rb en Action Pack en Ruby on Rails 3.x anterior a 3.2.20, 4.0.x anterior a 4.0.11, 4.1.x anterior a 4.1.7, y 4.2.x anterior a 4.2.0.beta3, cuando serve_static_assets está habilitado, permite a atacantes remotos determinar la existencia de ficheros fuera del root de la aplicación a través de una secuencia /..%2F. • http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ https://puppet.com/security/cve/cve-2014-7829 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-0130 – Ruby on Rails Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. Vulnerabilidad de salto de directorio en actionpack/lib/abstract_controller/base.rb en la implementación implicit-render en Ruby on Rails anterior a 3.2.18, 4.0.x anterior a 4.0.5 y 4.1.x anterior a 4.1.1, cuando ciertas configuraciones de coincidencia de patrones en rutas basadas en caracteres comodín (globbing) están habilitadas, permite a atacantes remotos leer archivos arbitrarios a través de una solicitud manipulada. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request. • http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf http://rhn.redhat.com/errata/RHSA-2014-1863.html http://www.securityfocus.com/bid/67244 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ https://access.redhat.com/security/cve/CVE-2014-0130 https://bugzilla.redhat.com/show_bug.cgi?id=1095105 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-0082 – rubygem-actionpack: Action View string handling denial of service
https://notcve.org/view.php?id=CVE-2014-0082
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. actionpack/lib/action_view/template/text.rb en Action View en Ruby on Rails 3.x anterior a 3.2.17 convierte cadenas tipo MIME a símbolos durante el uso de la opción :text al método render, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) mediante la inclusión de estas cadenas en cabeceras. • http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html http://openwall.com/lists/oss-security/2014/02/18/10 http://rhn.redhat.com/errata/RHSA-2014-0215.html http://rhn.redhat.com/errata/RHSA-2014-0306.html http://secunia.com/advisories/57376 http://secunia.com/advisories/57836 http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ https://puppet.com& • CWE-20: Improper Input Validation •
CVE-2014-0081 – rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
https://notcve.org/view.php?id=CVE-2014-0081
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. Múltiples vulnerabilidades de XSS en actionview/lib/action_view/helpers/number_helper.rb en Ruby on Rails anterior a 3.2.17, 4.0.x anterior a 4.0.3 y 4.1.x anterior a 4.1.0.beta2 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro (1) format, (2) negative_format, o (3) units hacia la ayuda de (a) number_to_currency, (b) number_to_percentage, o (c) number_to_human. • http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html http://openwall.com/lists/oss-security/2014/02/18/8 http://rhn.redhat.com/errata/RHSA-2014-0215.html http://rhn.redhat.com/errata/RHSA-2014-0306.html http://secunia.com/advisories/57376 http://www.securityfocus.com/bid/65647 http://www.securitytracker.com/id/1029782 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ https://access.redhat.com/security/cve/CVE-2014-0081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6414 – rubygem-actionpack: Action View DoS
https://notcve.org/view.php?id=CVE-2013-6414
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching. actionpack/lib/action_view/lookup_context.rb en Action View en Ruby on Rails 3.x anteriores a 3.2.16 y 4.x anteriores a 4.0.2 permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de una cabecera conteniendo un tipo MIME inválido que conduce a un cacheo excesivo. A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1794.html http://rhn.redhat.com/errata/RHSA-2014-0008.html http://rhn.redhat.com/errata/RHSA-2014-1863.html http://secunia.com/advisories/57836 http://weblog.rubyonrails.org/2013/12 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •