Vulnerability Name:

CVE-2011-2197 (CCN-67934)

Assigned:2011-06-07
Published:2011-06-07
Updated:2019-08-08
Summary:The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-2197

Source: CCN
Type: Google Web site
Potential XSS Vulnerability in Ruby on Rails Applications

Source: MLIST
Type: Patch
[rubyonrails-security] 20110607 Potential XSS Vulnerability in Ruby on Rails Applications

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-8580

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-8494

Source: MLIST
Type: Patch
[oss-security] 20110609 CVE Request: Ruby on Rails 3/rails_xss XSS

Source: MLIST
Type: Patch
[oss-security] 20110613 Re: CVE Request: Ruby on Rails 3/rails_xss XSS

Source: CCN
Type: Ruby on Rails Web site
Ruby on Rails

Source: CCN
Type: SA44789
Ruby on Rails Safe Buffer Cross-Site Scripting Weakness

Source: SECUNIA
Type: Vendor Advisory
44789

Source: CONFIRM
Type: Patch
http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications

Source: CCN
Type: OSVDB ID: 72820
Ruby on Rails Safe Buffer Multiple Method XSS

Source: CCN
Type: BID-48169
Ruby on Rails Multiple Cross Site Scripting Filter Security Bypass Weaknesses

Source: XF
Type: UNKNOWN
rubyonrails-htmlsafe-xss(67934)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rubyonrails:rails:2.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.9:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.4:-:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    rubyonrails rails 2.0.0
    rubyonrails rails 2.0.0 rc1
    rubyonrails rails 2.0.0 rc2
    rubyonrails rails 2.0.1
    rubyonrails rails 2.0.2
    rubyonrails rails 2.0.4
    rubyonrails rails 2.1.0
    rubyonrails rails 2.1.1
    rubyonrails rails 2.1.2
    rubyonrails rails 2.2.0
    rubyonrails rails 2.2.1
    rubyonrails rails 2.2.2
    rubyonrails rails 2.3.2
    rubyonrails rails 2.3.3
    rubyonrails rails 2.3.4
    rubyonrails rails 2.3.9
    rubyonrails rails 2.3.10
    rubyonrails rails 2.3.11
    rubyonrails rails 3.0.0
    rubyonrails rails 3.0.0 beta
    rubyonrails rails 3.0.0 beta2
    rubyonrails rails 3.0.0 beta3
    rubyonrails rails 3.0.0 beta4
    rubyonrails rails 3.0.0 rc
    rubyonrails rails 3.0.0 rc2
    rubyonrails rails 3.0.1
    rubyonrails rails 3.0.1 pre
    rubyonrails rails 3.0.2
    rubyonrails rails 3.0.2 pre
    rubyonrails rails 3.0.3
    rubyonrails rails 3.0.4 rc1
    rubyonrails rails 3.0.5
    rubyonrails rails 3.0.5 rc1
    rubyonrails rails 3.0.6
    rubyonrails rails 3.0.6 rc1
    rubyonrails rails 3.0.6 rc2
    rubyonrails rails 3.0.7
    rubyonrails rails 3.0.7 rc1
    rubyonrails rails 3.0.7 rc2
    rubyonrails rails 3.0.8 rc1
    rubyonrails rails 3.0.8 rc2
    rubyonrails rails 3.0.8 rc3
    rubyonrails rails 3.0.8 rc4
    rubyonrails ruby on rails 3.0.4
    rubyonrails rails 3.1.0
    rubyonrails rails 3.1.0 beta1
    rubyonrails rails 3.1.0 rc1