Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1098
Last Modified: 06 Jul 2012 12:00:00
Published: 13 Mar 2012 06:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1098

Summary

Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.

Vulnerable Systems

Application

  • Ruby On Rails 3.0.0

  • Ruby On Rails 3.0.1

  • Ruby On Rails 3.0.10

  • Ruby On Rails 3.0.11

  • Ruby On Rails 3.0.12

  • Ruby On Rails 3.0.2

  • Ruby On Rails 3.0.3

  • Ruby On Rails 3.0.4

  • Ruby On Rails 3.0.5

  • Ruby On Rails 3.0.6

  • Ruby On Rails 3.0.7

  • Ruby On Rails 3.0.8

  • Ruby On Rails 3.0.9

  • Ruby On Rails 3.1.0

  • Ruby On Rails 3.1.1

  • Ruby On Rails 3.1.2

  • Ruby On Rails 3.1.2rc1

  • Ruby On Rails 3.1.3

  • Ruby On Rails 3.1.4

  • Ruby On Rails 3.2.0

  • Ruby On Rails 3.2.1

  • Ruby On Rails 3.2.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=799275

MLIST - [oss-security] 20120302 Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws

MLIST - [oss-security] 20120302 CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws

CONFIRM - http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

MLIST - [rubyonrails-security] 20120301 Possible XSS Security Vulnerability in SafeBuffer#[]


Last Updated: 27 May 2016 10:57:27