CVE-2011-0448

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain	Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
http://secunia.com/advisories/43278	Vendor Advisory
http://securitytracker.com/id?1025063
http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4	Patch
http://www.vupen.com/english/advisories/2011/0877
https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

History

07 Dec 2023, 23:15

Type	Values Removed	Values Added
References		() https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474 -

Information

Published : 2011-02-21 18:00

Updated : 2024-02-28 11:41

NVD link : CVE-2011-0448

Mitre link : CVE-2011-0448

CVE.ORG link : CVE-2011-0448

JSON object : View

Products Affected

rubyonrails

rails

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2011-0448", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-02-21T18:00:01.287", "references": [{"url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43278", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1025063", "source": "cve@mitre.org"}, {"url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0877", "source": "cve@mitre.org"}, {"url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument."}, {"lang": "es", "value": "Ruby on Rails v3.0.x anteriores a v3.0.4 no garantiza que los argumentos de la funci\u00f3n de especificar los valores l\u00edmite de n\u00famero entero, lo que facilita a los atacantes remotos para realizar ataques de inyecci\u00f3n SQL a trav\u00e9s de un argumento no num\u00e9rico."}], "lastModified": "2023-12-07T23:15:07.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3BE7DFE-BA20-434B-A1DE-AD038B255C60"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCEE5B21-C990-4705-8239-0D7B29DAEDA1"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65EE33B1-B079-4CDE-B9C2-F1613A4610DC"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CAAA20B-824F-4448-99DC-9712FE628073"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2BEBDFB-0F30-454A-B74C-F820C9D2708B"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D7CD8C1-95D1-477E-AD96-6582EC33BA01"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6F00D98-3D0F-40AF-AE4F-090B1E6B660C"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9476CE55-69C0-45D3-B723-6F459C90BF05"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "486F5BA6-BCF7-4691-9754-19D364B4438D"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "112FC73B-A8BC-4EEA-9F4B-CCE685EF2838"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4498383-6FCA-4E17-A1FD-B0CE7EE50F85"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D26565B1-2BA6-4A3C-9264-7FC9A1820B59"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}