admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2011/0xxx/CVE-2011-0447.json
CVE Team b57952ab34
"-Synchronized-Data."
2019-03-17 23:39:45 +00:00

117 lines
4.1 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage \"combinations of browser plugins and HTTP redirects,\" a related issue to CVE-2011-0696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0587",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0587"
},
{
"name": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails"
},
{
"name": "1025060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025060"
},
{
"name": "FEDORA-2011-2138",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html"
},
{
"name": "46291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46291"
},
{
"name": "DSA-2247",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2247"
},
{
"name": "[rubyonrails-security] 20110209 CSRF Protection Bypass in Ruby on Rails",
"refsource": "MLIST",
"url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain"
},
{
"name": "FEDORA-2011-4358",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"
},
{
"name": "43274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43274"
},
{
"name": "ADV-2011-0877",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0877"
},
{
"name": "FEDORA-2011-2133",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html"
},
{
"name": "43666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43666"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink