Summary
This host is installed with Ruby and is
prone to an XML entity expansion vulnerability.
Impact
Successful exploitation will allow attackers
to cause a denial of service (crash) condition.
Impact Level: Application
Solution
Upgrade to Ruby 1.9.3-p551 or 2.0.0-p598 or
2.1.5 or later. For updates, refer to http://www.ruby-lang.org
Insight
The flaw exists due to an error within the
REXML module when parsing XML entities.
Affected
Ruby versions 1.9.x before 1.9.3-p551,
2.0.x before 2.0.0-p598, and 2.1.x before 2.1.5 on Windows.
Detection
Get the installed version with the help
of the detect NVT and check whether the version is vulnerable.
Severity
Classification
CVE: CVE-2014-8090
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P