Vulnerability CVE-2012-2695 - CERT Civis.Net

Vulnerability Name:

CVE-2012-2695 (CCN-76260)

Assigned:

2012-06-12

Published:

2012-06-12

Updated:

2019-08-08

Summary:

The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2012-2695

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:0978

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:1012

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:1014

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1066

Source: CCN
Type: RHSA-2012-1542
Moderate: CloudForms Commons 1.1 security update

Source: CCN
Type: RHSA-2013-0154
Critical: Ruby on Rails security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0154

Source: CCN
Type: RHSA-2013-0582
Moderate: Red Hat OpenShift Enterprise 1.1.1 update

Source: CCN
Type: SA49457
Ruby on Rails Nested Query Parameters SQL Injection Vulnerability

Source: CCN
Type: IBM Security Bulletin 1626255
IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

Source: CCN
Type: IBM Security Bulletin 1626515
IBM Security Network Protection can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0155, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

Source: CCN
Type: BID-53970
Ruby on Rails Active Record CVE-2012-2695 SQL Injection Vulnerability

Source: XF
Type: UNKNOWN
rubyonrails-query-sql-injection(76260)

Source: CCN
Type: Ruby on Rails Web Site
Ruby on Rails SQL Injection (CVE-2012-2695)

Source: MLIST
Type: Exploit
[rubyonrails-security] 20120612 Ruby on Rails SQL Injection (CVE-2012-2695)

Vulnerable Configuration:

Configuration 1:

cpe:/a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.1:-:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.2:-:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.0.4:-:*:*:*:*:*:*

OR cpe:/a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:* (Version <= 3.0.13)

Configuration 2:

cpe:/a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*

Configuration 3:

cpe:/a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:26228	P	Security update for ghostscript (Moderate)	2022-01-14
oval:org.opensuse.security:def:26217	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:26183	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:26119	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:26107	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:26108	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:20122695	V	CVE-2012-2695	2021-08-15
oval:org.opensuse.security:def:36558	P	rubygem-activerecord-3_2-3.2.12-0.11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26216	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:26786	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26558	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27665	P	Security update for rubygem-activerecord	2020-12-01
oval:org.opensuse.security:def:26839	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26793	P	openswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26392	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:27521	P	novell-ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26895	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26533	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26292	P	Security update for the Linux Kernel (Moderate)	2020-12-01
oval:org.opensuse.security:def:26948	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26737	P	libadns1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26501	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27630	P	Security update for lcms	2020-12-01
oval:org.opensuse.security:def:26825	P	sysconfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26642	P	sysstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26311	P	Security update for openstack-nova and openstack-neutron (Moderate)	2020-12-01
oval:org.opensuse.security:def:26883	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26846	P	xterm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26449	P	Security update for nginx (Moderate)	2020-12-01
oval:org.opensuse.security:def:27556	P	rubygem-activerecord-3_2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26934	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26684	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26420	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:26992	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01