[VIM] [CVENEW] New CVE CANs: 2013/03/19 18:00 ; count=4

coley at mitre.org coley at mitre.org
Tue Mar 19 17:04:36 CDT 2013


======================================================
Name: CVE-2013-1854
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[ruby-security-ann] 20130318 [CVE-2013-1854] Symbol DoS vulnerability in Active Record
Reference: URL:https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

The Active Record component in Ruby on Rails 2.3.x before 2.3.18,
3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries
by converting hash keys to symbols, which allows remote attackers to
cause a denial of service via crafted input to a where method.



======================================================
Name: CVE-2013-1855
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[rubyonrails-security] 20130318 [CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack
Reference: URL:https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain

The sanitize_css method in
lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the
Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x
before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n
(newline) characters, which makes it easier for remote attackers to
conduct cross-site scripting (XSS) attacks via crafted Cascading Style
Sheets (CSS) token sequences.



======================================================
Name: CVE-2013-1856
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1856
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[rubyonrails-security] 20130318 [CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users
Reference: URL:https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain

The ActiveSupport::XmlMini_JDOM backend in
lib/active_support/xml_mini/jdom.rb in the Active Support component in
Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13,
when JRuby is used, does not properly restrict the capabilities of the
XML parser, which allows remote attackers to read arbitrary files or
cause a denial of service (resource consumption) via vectors involving
(1) an external DTD or (2) an external entity declaration in
conjunction with an entity reference.



======================================================
Name: CVE-2013-1857
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[rubyonrails-security] 20130318 [CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails
Reference: URL:https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain

The sanitize helper in
lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the
Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x
before 3.1.12, and 3.2.x before 3.2.13 does not properly handle
encoded : (colon) characters in URLs, which makes it easier for remote
attackers to conduct cross-site scripting (XSS) attacks via a crafted
scheme name, as demonstrated by including a &#58; sequence.
