7.5

CVE-2011-0449

EPSS 0.56%
Veröffentlicht 21.02.2011 18:00:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rubyonrails ≫ Rails Version3.0.0

Rubyonrails ≫ Rails Version3.0.0 Updatebeta

Rubyonrails ≫ Rails Version3.0.0 Updatebeta2

Rubyonrails ≫ Rails Version3.0.0 Updatebeta3

Rubyonrails ≫ Rails Version3.0.0 Updatebeta4

Rubyonrails ≫ Rails Version3.0.0 Updaterc

Rubyonrails ≫ Rails Version3.0.0 Updaterc2

Rubyonrails ≫ Rails Version3.0.1

Rubyonrails ≫ Rails Version3.0.1 Updatepre

Rubyonrails ≫ Rails Version3.0.2

Rubyonrails ≫ Rails Version3.0.2 Updatepre

Rubyonrails ≫ Rails Version3.0.3

Rubyonrails ≫ Rails Version3.0.4 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.654

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

http://www.vupen.com/english/advisories/2011/0877

http://secunia.com/advisories/43278

Vendor Advisory

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

Patch

http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain

http://securitytracker.com/id?1025061

https://nvd.nist.gov/vuln/detail/CVE-2011-0449

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-0449

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-0449

EUVD