Scaner-VS
CVE-2012-2694
Source: DEB · Severity: Medium
CVSS v2 base score: 4.0 (Medium)
EPSS: 0.04 (p89)
Published: 2012-01-01
Updated: 2012-01-01
Description

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
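The mechanism behind the description, shown as an added example that is not Rails or Rack code. The query-string parser is a deliberately minimal re-implementation of the Rack behaviour the bug depends on (a pair with no "=" is recorded as nil, and "key[]" collects values into an array), the where_sql helper reproduces how the Active Record 3.2 predicate builder expands an array condition (a nil inside the array becomes an "OR column IS NULL" branch), and scrub_params is a hardened boundary step modelled on the deep_munge applied by the fixed releases. The function names, the column name token and the query strings are constructed for this example.

```ruby
require 'uri'

# Minimal re-implementation of Rack's nested query parsing, limited to plain
# keys and "key[]" array keys. A pair without "=" is recorded as nil, as Rack
# does; that is the behaviour this CVE relies on.
def parse_query(query)
  params = {}
  query.split('&').each do |pair|
    next if pair.empty?
    key, value = pair.split('=', 2)
    key = URI.decode_www_form_component(key)
    value = URI.decode_www_form_component(value) unless value.nil?
    if key.end_with?('[]')
      (params[key[0...-2]] ||= []) << value
    else
      params[key] = value
    end
  end
  params
end

# Models how the Active Record 3.2 predicate builder expands where(column => value).
# Reproduction of the documented shape of the clause for this example, not Rails
# code; values are quoted naively because escaping is not the point here.
# An empty array matches nothing, rendered as 1=0.
def where_sql(column, value)
  case value
  when nil
    "#{column} IS NULL"
  when Array
    present = value.compact
    clauses = []
    clauses << "#{column} IN (#{present.map { |v| "'#{v}'" }.join(', ')})" unless present.empty?
    clauses << "#{column} IS NULL" if value.include?(nil)
    clauses.empty? ? '1=0' : clauses.join(' OR ')
  else
    "#{column} = '#{value}'"
  end
end

# Hardened form: strip nils out of arrays before parameters reach the query
# builder (modelled on the deep_munge step in the fixed Rails releases; the
# implementation is this example's own). An array that held only nils becomes
# an empty array, so it can never turn into IS NULL.
def scrub_params(value)
  case value
  when Array then value.compact.map { |v| scrub_params(v) }
  when Hash  then value.each_with_object({}) { |(k, v), h| h[k] = scrub_params(v) }
  else value
  end
end

# The crafted request from the advisory, rendered before and after scrubbing.
def demo(query)
  params = parse_query(query)
  {
    raw:      where_sql('token', params['token']),
    scrubbed: where_sql('token', scrub_params(params)['token'])
  }
end

if __FILE__ == $PROGRAM_NAME
  # ?token[]=xyz&token[] gives ["xyz", nil], which the vulnerable builder turns
  # into "token IN ('xyz') OR token IS NULL": any row with a NULL token matches.
  puts demo('token[]=xyz&token[]').inspect
  puts demo('token[]').inspect
end
```

Scrubbing at the request boundary is what the fixed releases do; an application that looks rows up by a secret such as a token should additionally reject a blank or missing parameter before querying, since a plain `?token` (no brackets) still yields nil and a `where(token: nil)` lookup.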

Tags · CWE / CAPEC
CWE-138: Improper Neutralization of Special Elements
CWE-264: Permissions, Privileges, and Access Controls
CAPEC-15: Command Delimiters
CAPEC-34: HTTP Response Splitting
CAPEC-105: HTTP Request Splitting
CVSS vector
AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSS v2 breakdown (the vector above uses v2 metrics, including Au; it is not a CVSS 3.1 vector)
Metric                  Value  Meaning
Access Vector           AV:N   Network
Access Complexity       AC:H   High
Authentication          Au:N   None
Confidentiality Impact  C:P    Partial
Integrity Impact        I:P    Partial
Availability Impact     A:N    None
Exploit indicators
EPSS: 0.041 (p89)
Known exploited (CISA KEV): No
Known exploits (Scaner-VS): no Scaner-VS checks registered for this vulnerability yet.
Affected products (showing first 20 of 55; the vendor column is empty in the source)
Product                                       | Vendor | Status
converge-ui-devel                             |        | Tracked
graphviz                                      |        | Tracked
openshift-console                             |        | Tracked
openshift-origin-broker                       |        | Tracked
openshift-origin-broker-util                  |        | Tracked
openshift-origin-cartridge-cron-1.4           |        | Tracked
openshift-origin-cartridge-diy-0.1            |        | Tracked
openshift-origin-cartridge-haproxy-1.4        |        | Tracked
openshift-origin-cartridge-jbosseap-6.0       |        | Tracked
openshift-origin-cartridge-jbossews-1.0       |        | Tracked
openshift-origin-cartridge-jenkins-1.4        |        | Tracked
openshift-origin-cartridge-jenkins-client-1.4 |        | Tracked
openshift-origin-cartridge-mysql-5.1          |        | Tracked
openshift-origin-cartridge-perl-5.10          |        | Tracked
openshift-origin-cartridge-php-5.3            |        | Tracked
openshift-origin-cartridge-postgresql-8.4     |        | Tracked
openshift-origin-cartridge-ruby-1.8           |        | Tracked
openshift-origin-cartridge-ruby-1.9-scl       |        | Tracked
openshift-origin-msg-node-mcollective         |        | Tracked
php                                           |        | Tracked
Source databases
DEB
CVE
RED