Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2010-1330
Last Modified: 25 Feb 2013 11:23:20
Published: 23 Nov 2012 02:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2010-1330

Summary

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

Vulnerable Systems

Application

  • JRuby 0.9.0
  • JRuby 0.9.1
  • JRuby 0.9.2
  • JRuby 0.9.8
  • JRuby 0.9.9
  • JRuby 1.0
  • JRuby 1.0.0
  • JRuby 1.0.1
  • JRuby 1.0.2
  • JRuby 1.0.3
  • JRuby 1.1
  • JRuby 1.1.1
  • JRuby 1.1.2
  • JRuby 1.1.3
  • JRuby 1.1.4
  • JRuby 1.1.5
  • JRuby 1.1.6
  • JRuby 1.2.0
  • JRuby 1.3.0
  • JRuby 1.3.1
  • JRuby 1.4.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=750306

MISC - https://bugs.gentoo.org/show_bug.cgi?id=317435

OSVDB - 77297

CONFIRM - http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html

SECUNIA - 46891

REDHAT - RHSA-2011:1456

XF - jruby-expression-engine-xss(80277)


Last Updated: 27 May 2016 10:58:30