
Security Check Details

SuSE 11.2 Security Update: rubygem-actionpack-2_3 (2010-02-05)
Synopsis :

The remote SuSE system is missing a security patch for rubygem-actionpack-2_3

Description :

This update of rubygems fixes two vulnerabilities:
- CVE-2008-7248 (CVSS v2 Base Score: 4.3): Rails CSRF protection can be bypassed by using special content types for an HTTP request.
- CVE-2009-4214 (CVSS v2 Base Score: 4.3): The strip_tags method does not completely protect against XSS attacks.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=558879
https://bugzilla.novell.com/show_bug.cgi?id=564362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248

Solution :

Run yast to install the security patch for rubygem-actionpack-2_3

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)


More at Nessus.org




Copyright © 2000-2010 Alertra, Inc. All rights reserved. Please read our privacy statement and our terms of service.