This host is installed with Ruby and is prone to XML entity expansion vulnerability.

Successful exploitation will allow attackers to cause a denial of service (crash) condition. Impact Level: Application

Upgrade to Ruby 1.9.3-p551 or 2.0.0-p598 or 2.1.5 later. For updates refer http://www.ruby-lang.org

Flaw exists due to an error within the REXML module when parsing XML entities.

Ruby versions Ruby 1.9.x before 1.9.3-p551, 2.0.x before 2.0.0-p598, and 2.1.x before 2.1.5 on Windows.

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://www.osvdb.org/114641
• https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090

---

Updated on 2015-03-25