PT-2013-6037 · Ruby+1 · Ruby On Rails+1

Toby Hsieh · Published 2013-12-07 · Updated 2019-08-08 · CVE-2013-6414

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions
Action View in Ruby on Rails versions 3.x through 3.2.15
Action View in Ruby on Rails versions 4.x through 4.0.1

Description
The issue allows remote attackers to cause a denial of service, resulting in memory consumption, via a header containing an invalid MIME type that leads to excessive caching. This occurs due to a problem in actionpack/lib/action_view/lookup_context.rb.

Recommendations
For Action View in Ruby on Rails versions 3.x through 3.2.15, update to version 3.2.16 or later.
For Action View in Ruby on Rails versions 4.x through 4.0.1, update to version 4.0.2 or later.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related identifiers

CVE-2013-6414
DSA-2888-1
GHSA-MPXF-GCW2-PW5Q
RHSA-2013:1794
RHSA-2014:0008

Affected products

Ruby On Rails
Suse