5
CVE-2008-3790
- EPSS 15.2%
- Veröffentlicht 27.08.2008 20:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 15.2% | 0.963 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://support.apple.com/kb/HT3549
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
http://secunia.com/advisories/32371
http://www.redhat.com/support/errata/RHSA-2008-0897.html
http://secunia.com/advisories/33178
http://security.gentoo.org/glsa/glsa-200812-17.xml
http://secunia.com/advisories/32219
https://usn.ubuntu.com/651-1/
http://secunia.com/advisories/32165
http://secunia.com/advisories/32255
http://secunia.com/advisories/32256
http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
http://www.debian.org/security/2008/dsa-1651
http://www.debian.org/security/2008/dsa-1652
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html
http://secunia.com/advisories/33185
https://usn.ubuntu.com/691-1/
http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca
http://secunia.com/advisories/31602
http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release
http://www.openwall.com/lists/oss-security/2008/08/25/4
http://www.openwall.com/lists/oss-security/2008/08/26/1
http://www.openwall.com/lists/oss-security/2008/08/26/4
http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb
http://www.securityfocus.com/bid/30802
http://www.securitytracker.com/id?1020735
http://www.vupen.com/english/advisories/2008/2428
http://www.vupen.com/english/advisories/2008/2483
https://exchange.xforce.ibmcloud.com/vulnerabilities/44628
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393