CVE-2014-0082

EPSS 6.46%
Published 20.02.2014 15:27:09
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Rubyonrails ≫ Rails Version3.0.0

Rubyonrails ≫ Rails Version3.0.0 Updatebeta

Rubyonrails ≫ Rails Version3.0.0 Updatebeta2

Rubyonrails ≫ Rails Version3.0.0 Updatebeta3

Rubyonrails ≫ Rails Version3.0.0 Updatebeta4

Rubyonrails ≫ Rails Version3.0.0 Updaterc

Rubyonrails ≫ Rails Version3.0.0 Updaterc2

Rubyonrails ≫ Rails Version3.0.1

Rubyonrails ≫ Rails Version3.0.1 Updatepre

Rubyonrails ≫ Rails Version3.0.2

Rubyonrails ≫ Rails Version3.0.2 Updatepre

Rubyonrails ≫ Rails Version3.0.3

Rubyonrails ≫ Rails Version3.0.4 Updaterc1

Rubyonrails ≫ Rails Version3.0.5

Rubyonrails ≫ Rails Version3.0.5 Updaterc1

Rubyonrails ≫ Rails Version3.0.6

Rubyonrails ≫ Rails Version3.0.6 Updaterc1

Rubyonrails ≫ Rails Version3.0.6 Updaterc2

Rubyonrails ≫ Rails Version3.0.7

Rubyonrails ≫ Rails Version3.0.7 Updaterc1

Rubyonrails ≫ Rails Version3.0.7 Updaterc2

Rubyonrails ≫ Rails Version3.0.8

Rubyonrails ≫ Rails Version3.0.8 Updaterc1

Rubyonrails ≫ Rails Version3.0.8 Updaterc2

Rubyonrails ≫ Rails Version3.0.8 Updaterc3

Rubyonrails ≫ Rails Version3.0.8 Updaterc4

Rubyonrails ≫ Rails Version3.0.9

Rubyonrails ≫ Rails Version3.0.9 Updaterc1

Rubyonrails ≫ Rails Version3.0.9 Updaterc2

Rubyonrails ≫ Rails Version3.0.9 Updaterc3

Rubyonrails ≫ Rails Version3.0.9 Updaterc4

Rubyonrails ≫ Rails Version3.0.9 Updaterc5

Rubyonrails ≫ Rails Version3.0.10

Rubyonrails ≫ Rails Version3.0.10 Updaterc1

Rubyonrails ≫ Rails Version3.0.11

Rubyonrails ≫ Rails Version3.0.12

Rubyonrails ≫ Rails Version3.0.12 Updaterc1

Rubyonrails ≫ Rails Version3.0.13

Rubyonrails ≫ Rails Version3.0.13 Updaterc1

Rubyonrails ≫ Rails Version3.0.14

Rubyonrails ≫ Rails Version3.0.16

Rubyonrails ≫ Rails Version3.0.17

Rubyonrails ≫ Rails Version3.0.18

Rubyonrails ≫ Rails Version3.0.19

Rubyonrails ≫ Rails Version3.0.20

Rubyonrails ≫ Rails Version3.1.0

Rubyonrails ≫ Rails Version3.1.0 Updatebeta1

Rubyonrails ≫ Rails Version3.1.0 Updaterc1

Rubyonrails ≫ Rails Version3.1.0 Updaterc2

Rubyonrails ≫ Rails Version3.1.0 Updaterc3

Rubyonrails ≫ Rails Version3.1.0 Updaterc4

Rubyonrails ≫ Rails Version3.1.0 Updaterc5

Rubyonrails ≫ Rails Version3.1.0 Updaterc6

Rubyonrails ≫ Rails Version3.1.0 Updaterc7

Rubyonrails ≫ Rails Version3.1.0 Updaterc8

Rubyonrails ≫ Rails Version3.1.1

Rubyonrails ≫ Rails Version3.1.1 Updaterc1

Rubyonrails ≫ Rails Version3.1.1 Updaterc2

Rubyonrails ≫ Rails Version3.1.1 Updaterc3

Rubyonrails ≫ Rails Version3.1.2

Rubyonrails ≫ Rails Version3.1.2 Updaterc1

Rubyonrails ≫ Rails Version3.1.2 Updaterc2

Rubyonrails ≫ Rails Version3.1.3

Rubyonrails ≫ Rails Version3.1.4

Rubyonrails ≫ Rails Version3.1.4 Updaterc1

Rubyonrails ≫ Rails Version3.1.5

Rubyonrails ≫ Rails Version3.1.5 Updaterc1

Rubyonrails ≫ Rails Version3.1.6

Rubyonrails ≫ Rails Version3.1.7

Rubyonrails ≫ Rails Version3.1.8

Rubyonrails ≫ Rails Version3.1.9

Rubyonrails ≫ Rails Version3.1.10

Rubyonrails ≫ Rails Version3.2.0

Rubyonrails ≫ Rails Version3.2.0 Updaterc1

Rubyonrails ≫ Rails Version3.2.0 Updaterc2

Rubyonrails ≫ Rails Version3.2.1

Rubyonrails ≫ Rails Version3.2.2

Rubyonrails ≫ Rails Version3.2.2 Updaterc1

Rubyonrails ≫ Rails Version3.2.3

Rubyonrails ≫ Rails Version3.2.3 Updaterc1

Rubyonrails ≫ Rails Version3.2.3 Updaterc2

Rubyonrails ≫ Rails Version3.2.4

Rubyonrails ≫ Rails Version3.2.4 Updaterc1

Rubyonrails ≫ Rails Version3.2.5

Rubyonrails ≫ Rails Version3.2.6

Rubyonrails ≫ Rails Version3.2.7

Rubyonrails ≫ Rails Version3.2.8

Rubyonrails ≫ Rails Version3.2.9

Rubyonrails ≫ Rails Version3.2.10

Rubyonrails ≫ Rails Version3.2.11

Rubyonrails ≫ Rails Version3.2.12

Rubyonrails ≫ Rails Version3.2.13

Rubyonrails ≫ Rails Version3.2.13 Updaterc1

Rubyonrails ≫ Rails Version3.2.13 Updaterc2

Rubyonrails ≫ Rails Version3.2.15

Rubyonrails ≫ Rails Version3.2.15 Updaterc3

Rubyonrails ≫ Ruby On Rails Version <= 3.2.16

Rubyonrails ≫ Ruby On Rails Version3.0.4

Rubyonrails ≫ Ruby On Rails Version3.2.14

Rubyonrails ≫ Ruby On Rails Version3.2.14 Updaterc1

Rubyonrails ≫ Ruby On Rails Version3.2.14 Updaterc2

Rubyonrails ≫ Ruby On Rails Version3.2.15 Updaterc1

Rubyonrails ≫ Ruby On Rails Version3.2.15 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.46%	0.907

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2014-0215.html

http://secunia.com/advisories/57376

http://secunia.com/advisories/57836

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html

http://rhn.redhat.com/errata/RHSA-2014-0306.html

http://openwall.com/lists/oss-security/2014/02/18/10

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ

https://puppet.com/security/cve/cve-2014-0082

https://nvd.nist.gov/vuln/detail/CVE-2014-0082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0082

EUVD