7.5

CVE-2015-4410

Exploit
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Moped ProjectMoped Version- SwPlatformruby
FedoraprojectFedora Version21
FedoraprojectFedora Version22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.66% 0.92
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2015/06/06/3
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/75045
Third Party Advisory
VDB Entry
https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
Third Party Advisory
Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1229757
Third Party Advisory
Issue Tracking
https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
Exploit
https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html
Third Party Advisory
Exploit
https://seclists.org/oss-sec/2015/q2/653
Third Party Advisory
Mailing List
https://www.securityfocus.com/bid/75045
Third Party Advisory
VDB Entry