Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-3790
Last Modified: 07 Mar 2011 10:11:24
Published: 27 Aug 2008 04:41:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3790

Summary

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.8.6

  • Ruby-lang Ruby 1.8.7

  • Ruby-lang Ruby 1.9


References

CERT - TA09-133A

CONFIRM - http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb

CONFIRM - http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/

FEDORA - FEDORA-2008-8736

FEDORA - FEDORA-2008-8738

XF - ruby-rexml-dos(44628)

VUPEN - ADV-2009-1297

VUPEN - ADV-2008-2483

VUPEN - ADV-2008-2428

UBUNTU - USN-691-1

UBUNTU - USN-651-1

SECTRACK - 1020735

BID - 30802

REDHAT - RHSA-2008:0897

MLIST - [oss-security] 20080826 Re: CVE Request (ruby)

MLIST - [oss-security] 20080825 CVE Request (ruby)

DEBIAN - DSA-1652

DEBIAN - DSA-1651

CONFIRM - http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm

CONFIRM - http://support.apple.com/kb/HT3549

GENTOO - GLSA-200812-17

SECUNIA - 35074

SECUNIA - 33185

SECUNIA - 33178

SECUNIA - 32371

SECUNIA - 32256

SECUNIA - 32255

SECUNIA - 32219

SECUNIA - 32165

SECUNIA - 31602

APPLE - APPLE-SA-2009-05-12

MISC - http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca

Related Patches

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update


Last Updated: 27 May 2016 10:48:18