Class: Dawn::Kb::CVE_2012_4481

# File 'lib/dawn/kb/cve_2012_4481.rb', line 7

def initialize
      message="The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005."
      super({
        :name=>"CVE-2012-4481",
        :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
        :release_date => Date.new(2013, 5, 2),
        :cwe=>"264",
        :owasp=>"A9", 
        :applies=>["rails", "sinatra", "padrino"],
        :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
        :message=>message,
        :mitigation=>"Please upgrade ruby interpreter to 1.9.3 or 2.0.0 or latest version available",
        :aux_links=>["https://bugzilla.redhat.com/show_bug.cgi?id=863484"]
      })

      self.safe_rubies = [{:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p9999"}]
end

Class: Dawn::Kb::CVE_2012_4481

Overview

Constant Summary

Constants included from BasicCheck

Instance Attribute Summary

Attributes included from RubyVersionCheck

Attributes included from BasicCheck

Instance Method Summary collapse

Methods included from RubyVersionCheck

Methods included from BasicCheck

Methods included from Utils

Constructor Details

#initialize ⇒ CVE_2012_4481

#initialize ⇒ `CVE_2012_4481`