Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2013-0276
Last Modified: 05 Jun 2013 11:24:30
Published: 12 Feb 2013 08:55:05
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-0276

Summary

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.

Vulnerable Systems

Application

  • Rubyonrails Ruby On Rails 2.3.0

  • Rubyonrails Ruby On Rails 2.3.1

  • Rubyonrails Ruby On Rails 2.3.10

  • Rubyonrails Ruby On Rails 2.3.11

  • Rubyonrails Ruby On Rails 2.3.12

  • Rubyonrails Ruby On Rails 2.3.13

  • Rubyonrails Ruby On Rails 2.3.14

  • Rubyonrails Ruby On Rails 2.3.15

  • Rubyonrails Ruby On Rails 2.3.16

  • Rubyonrails Ruby On Rails 2.3.2

  • Rubyonrails Ruby On Rails 2.3.3

  • Rubyonrails Ruby On Rails 2.3.4

  • Rubyonrails Ruby On Rails 2.3.9

  • Rubyonrails Ruby On Rails 3.1.0

  • Rubyonrails Ruby On Rails 3.1.1

  • Rubyonrails Ruby On Rails 3.1.10

  • Rubyonrails Ruby On Rails 3.1.2

  • Rubyonrails Ruby On Rails 3.1.3

  • Rubyonrails Ruby On Rails 3.1.4

  • Rubyonrails Ruby On Rails 3.1.5

  • Rubyonrails Ruby On Rails 3.1.6

  • Rubyonrails Ruby On Rails 3.1.7

  • Rubyonrails Ruby On Rails 3.1.8

  • Rubyonrails Ruby On Rails 3.1.9

  • Rubyonrails Ruby On Rails 3.2.0

  • Rubyonrails Ruby On Rails 3.2.1

  • Rubyonrails Ruby On Rails 3.2.10

  • Rubyonrails Ruby On Rails 3.2.11

  • Rubyonrails Ruby On Rails 3.2.2

  • Rubyonrails Ruby On Rails 3.2.3

  • Rubyonrails Ruby On Rails 3.2.4

  • Rubyonrails Ruby On Rails 3.2.5

  • Rubyonrails Ruby On Rails 3.2.6

  • Rubyonrails Ruby On Rails 3.2.7

  • Rubyonrails Ruby On Rails 3.2.8

  • Rubyonrails Ruby On Rails 3.2.9


References

CONFIRM - https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8

BID - 57896

OSVDB - 90072

MLIST - [oss-security] 20130211 Circumvention of attr_protected [CVE-2013-0276]

CONFIRM - http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/

DEBIAN - DSA-2620

MLIST - [rubyonrails-security] 20130211 Circumvention of attr_protected [CVE-2013-0276]

SECUNIA - 52112

SECUNIA - 52774

REDHAT - RHSA-2013:0686

SUSE - openSUSE-SU-2013:0462

CONFIRM - http://support.apple.com/kb/HT5784

APPLE - APPLE-SA-2013-06-04-1


Last Updated: 27 May 2016 11:01:50