Vulnerability Name:

CVE-2013-0333 (CCN-81549)

Assigned:2012-12-06
Published:2013-01-28
Updated:2023-02-13
Summary:
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2013-0333

Source: CCN
Type: Tableau Software Web site
Ruby on Rails Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2013-0201
Critical: rubygem-activesupport security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2013-0202
Critical: rubygem-activesupport security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2013-0203
Critical: rubygem-activesupport security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SA51938
Ruby on Rails JSON Parser YAML Handling Vulnerability

Source: CCN
Type: SA52095
Apple OS X Server Multiple Ruby on Rails Vulnerabilities

Source: CCN
Type: SA52368
Tableau Server Ruby on Rails JSON Parser YAML Handling Vulnerability

Source: CCN
Type: SA52369
Invensys Wonderware Intelligence Tableau Server Multiple Vulnerabilities

Source: CCN
Type: SA56011
Infoblox NetMRI Ruby on Rails JSON Parser YAML Handling Vulnerability

Source: CCN
Type: Apple Web site
About the security content of OS X Server v2.2.1

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Ruby on Rails Web Site
Rails 3.0.20, and 2.3.16 have been released!

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-2613
rails -- insufficient input validation

Source: secalert@redhat.com
Type: US Government Resource
secalert@redhat.com

Source: CCN
Type: BID-57575
Ruby on Rails 'convert_json_to_yaml()' Method Security Vulnerability

Source: XF
Type: UNKNOWN
rubyonrails-convertjsontoyaml-code-exec(81549)

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: Packet Storm Security [01-29-2013]
Ruby on Rails JSON Processor YAML Deserialization Code Execution

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-29-2013]

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]
Ruby on Rails JSON Processor YAML Deserialization Scanner

Vulnerable Configuration: Configuration CCN 1:
  • cpe:/a:rubyonrails:rails:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.7:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.10:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.2:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.4:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.9:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.8:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.7:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.4:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.5:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.6:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.9:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.13:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.12:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.8:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:apple:os_x_server:2.2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20130333 | V | CVE-2013-0333 | 2015-11-16
    oval:org.mitre.oval:def:18384 | P | DSA-2613-1 rails - insufficient input validation | 2014-06-23
    oval:org.mitre.oval:def:22983 | P | ELSA-2013:1449: kernel security and bug fix update (Moderate) | 2014-05-26
    oval:org.mitre.oval:def:21281 | P | RHSA-2013:1449: kernel security and bug fix update (Moderate) | 2014-02-17
    oval:com.ubuntu.precise:def:20130333000 | V | CVE-2013-0333 on Ubuntu 12.04 LTS (precise) - high. | 2013-01-30