admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2011/CVE-2011-04xx/CVE-2011-0449.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

196 lines
6.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2011-0449",
"sourceIdentifier": "cve@mitre.org",
"published": "2011-02-21T18:00:01.363",
"lastModified": "2024-11-21T01:24:00.467",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters."
},
{
"lang": "es",
"value": "actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x anteriores a v3.0.4, cuando un sistema de ficheros sensible a may\u00fasculas y min\u00fasculas se utiliza, no se aplican adecuadamente los filtros asociados a la lista de plantillas disponibles, lo que permite a atacantes remotos evitar las restricciones de acceso previsto a trav\u00e9s de un nombre de acci\u00f3n que utiliza un caso no deseado para los caracteres alfab\u00e9ticos."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3BE7DFE-BA20-434B-A1DE-AD038B255C60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "DCEE5B21-C990-4705-8239-0D7B29DAEDA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "65EE33B1-B079-4CDE-B9C2-F1613A4610DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5CAAA20B-824F-4448-99DC-9712FE628073"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D2BEBDFB-0F30-454A-B74C-F820C9D2708B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "1D7CD8C1-95D1-477E-AD96-6582EC33BA01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B6F00D98-3D0F-40AF-AE4F-090B1E6B660C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9476CE55-69C0-45D3-B723-6F459C90BF05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*",
"matchCriteriaId": "486F5BA6-BCF7-4691-9754-19D364B4438D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "112FC73B-A8BC-4EEA-9F4B-CCE685EF2838"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*",
"matchCriteriaId": "E4498383-6FCA-4E17-A1FD-B0CE7EE50F85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D26565B1-2BA6-4A3C-9264-7FC9A1820B59"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE"
}
]
}
]
}
],
"references": [
{
"url": "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain",
"source": "cve@mitre.org"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/43278",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1025061",
"source": "cve@mitre.org"
},
{
"url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://www.vupen.com/english/advisories/2011/0877",
"source": "cve@mitre.org"
},
{
"url": "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/43278",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1025061",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://www.vupen.com/english/advisories/2011/0877",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink