Summary
This host is installed with Ruby and is
prone to a denial-of-service vulnerability.
Impact
Successful exploitation will allow attackers
to cause a denial of service (crash) condition.
Impact Level: Application
Solution
Upgrade to Ruby 1.9.3-p550 or 2.0.0-p594 or
2.1.4 or later. For updates, refer to http://www.ruby-lang.org
Insight
The flaw exists due to an incorrectly configured
XML parser accepting XML external entities from an untrusted source.
Affected
Ruby versions 1.9.x before 1.9.3-p550,
2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 on Windows.
Detection
Get the installed version with the help of
the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
CVE: CVE-2014-8080
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apple Safari Denial Of Service Vulnerability - Jul09
- Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability
- FreeSWITCH 'switch_regex.c' Multiple Buffer Overflow Vulnerabilities
- Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
- ClamAV Hash Manager Off-By-One Denial of Service Vulnerability (Win)