7.5

CVE-2011-0449

EPSS 0.56%
Published 21.02.2011 18:00:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Rubyonrails ≫ Rails Version3.0.0

Rubyonrails ≫ Rails Version3.0.0 Updatebeta

Rubyonrails ≫ Rails Version3.0.0 Updatebeta2

Rubyonrails ≫ Rails Version3.0.0 Updatebeta3

Rubyonrails ≫ Rails Version3.0.0 Updatebeta4

Rubyonrails ≫ Rails Version3.0.0 Updaterc

Rubyonrails ≫ Rails Version3.0.0 Updaterc2

Rubyonrails ≫ Rails Version3.0.1

Rubyonrails ≫ Rails Version3.0.1 Updatepre

Rubyonrails ≫ Rails Version3.0.2

Rubyonrails ≫ Rails Version3.0.2 Updatepre

Rubyonrails ≫ Rails Version3.0.3

Rubyonrails ≫ Rails Version3.0.4 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.56%	0.654

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

http://www.vupen.com/english/advisories/2011/0877

http://secunia.com/advisories/43278

Vendor Advisory

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

Patch

http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain

http://securitytracker.com/id?1025061

https://nvd.nist.gov/vuln/detail/CVE-2011-0449

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-0449

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-0449

EUVD