Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2105

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2013-2105
Last Modified 23 Apr 2014 07:53:45
Published 22 Apr 2014 10:23:33
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2013-2105

Summary

The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

Vulnerable Systems

Application

  • Jonathan Leung Show In Browser 0.0.3


References

XF - showinbrowser-cve20132105-symlink(84378)

MLIST - [oss-security] 20130518 Re: Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability

MISC - http://vapid.dhs.org/advisories/show_in_browser.html


Last Updated: 27 May 2016 11:05:03