// For flags

CVE-2014-8080

ruby: REXML billion laughs attack via parameter entity expansion

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

El analizador REXML en Ruby 1.9.x anterior a 1.9.3-p550, 2.0.x anterior a 2.0.0-p594, y 2.1.x anterior a 2.1.4 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un documento XML manipulado, también conocido como un ataque de la expansión de entidad XML (XEE).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-09 CVE Reserved
  • 2014-11-03 CVE Published
  • 2024-06-15 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CAPEC
References (22)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
12.3
Search vendor "Opensuse" for product "Opensuse" and version "12.3"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
<= 1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version " <= 1.9.3"
p550
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p0
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p125
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p194
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p286
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p383
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p385
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p392
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p426
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p429
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p448
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p545
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p547
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p0
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p195
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p247
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p451
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p481
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p576
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.1
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.1"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.2
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.2"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.3
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
6.0
Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Affected