RubygemsResearch

Sha256: 22abd384362ed30314dc8febe353f00385e5a277aba0b00468e595b85f7cc6b3

Contents?: true

Size: 1.21 KB

Versions: 9

Compression:

Stored size: 1.21 KB

module Codesake
	module Dawn
		module Kb
			# Automatically created with rake on 2014-01-08
			class CVE_2011_3187
				include DependencyCheck

				def initialize
          message = "The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header."

          super({
            :name=>"CVE-2011-3187",
            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
            :release_date => Date.new(2011, 8, 29),
            :cwe=>"20",
            :owasp=>"A9", 
            :applies=>["rails"],
            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
            :message=>message,
            :mitigation=>"Please upgrade rails to version 3.0.6. As a general rule, using the latest stable version is recommended.",
            :aux_links=>["http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html"]
          })

          self.safe_dependencies = [{:name=>"rails", :version=>['3.0.6']}]
          self.save_major = true

				end
			end
		end
	end
end

Version data entries

9 entries across 9 versions & 2 rubygems

Version	Path
dawnscanner-1.2.99	lib/codesake/dawn/kb/cve_2011_3187.rb
codesake-dawn-1.2.99	lib/codesake/dawn/kb/cve_2011_3187.rb
codesake-dawn-1.2.0	lib/codesake/dawn/kb/cve_2011_3187.rb
codesake-dawn-1.1.3	lib/codesake/dawn/kb/cve_2011_3187.rb
codesake-dawn-1.1.2	lib/codesake/dawn/kb/cve_2011_3187.rb
codesake-dawn-1.1.1	lib/codesake/dawn/kb/cve_2011_3187.rb
codesake-dawn-1.1.0	lib/codesake/dawn/kb/cve_2011_3187.rb
codesake-dawn-1.1.0.rc2	lib/codesake/dawn/kb/cve_2011_3187.rb
codesake-dawn-1.1.0.rc1	lib/codesake/dawn/kb/cve_2011_3187.rb