Summary
This host is installed with Ruby and is prone to an XML entity expansion vulnerability.
Impact
Successful exploitation will allow attackers to cause a denial of service (crash) condition.
Impact Level: Application
Solution
Upgrade to Ruby 1.9.3-p551 or 2.0.0-p598 or 2.1.5 or later. For updates, refer to http://www.ruby-lang.org
Insight
The flaw exists due to an error within the REXML module when parsing XML entities.
Affected
Ruby versions 1.9.x before 1.9.3-p551, 2.0.x before 2.0.0-p598, and 2.1.x before 2.1.5 on Windows.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-8090
- CVSS Base Score: 5.0
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Mac OS X)
- Asterisk T.38 Negotiation Remote Denial Of Service Vulnerability
- ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
- Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability
- Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability