admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2011/CVE-2011-04xx/CVE-2011-0448.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

210 lines
6.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2011-0448",
"sourceIdentifier": "cve@mitre.org",
"published": "2011-02-21T18:00:01.287",
"lastModified": "2024-11-21T01:24:00.280",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument."
},
{
"lang": "es",
"value": "Ruby on Rails v3.0.x anteriores a v3.0.4 no garantiza que los argumentos de la funci\u00f3n de especificar los valores l\u00edmite de n\u00famero entero, lo que facilita a los atacantes remotos para realizar ataques de inyecci\u00f3n SQL a trav\u00e9s de un argumento no num\u00e9rico."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3BE7DFE-BA20-434B-A1DE-AD038B255C60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "DCEE5B21-C990-4705-8239-0D7B29DAEDA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "65EE33B1-B079-4CDE-B9C2-F1613A4610DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5CAAA20B-824F-4448-99DC-9712FE628073"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D2BEBDFB-0F30-454A-B74C-F820C9D2708B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "1D7CD8C1-95D1-477E-AD96-6582EC33BA01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B6F00D98-3D0F-40AF-AE4F-090B1E6B660C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9476CE55-69C0-45D3-B723-6F459C90BF05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*",
"matchCriteriaId": "486F5BA6-BCF7-4691-9754-19D364B4438D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "112FC73B-A8BC-4EEA-9F4B-CCE685EF2838"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*",
"matchCriteriaId": "E4498383-6FCA-4E17-A1FD-B0CE7EE50F85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D26565B1-2BA6-4A3C-9264-7FC9A1820B59"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE"
}
]
}
]
}
],
"references": [
{
"url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/43278",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1025063",
"source": "cve@mitre.org"
},
{
"url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://www.vupen.com/english/advisories/2011/0877",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474",
"source": "cve@mitre.org"
},
{
"url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/43278",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1025063",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://www.vupen.com/english/advisories/2011/0877",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink