Class: Dawn::Kb::CVE_2013_0256

Inherits:
Object
  • Object
show all
Includes:
ComboCheck
Defined in:
lib/dawn/kb/cve_2013_0256.rb

Constant Summary

Constants included from BasicCheck

BasicCheck::ALLOWED_FAMILIES

Instance Attribute Summary

Attributes included from ComboCheck

#checks, #options, #vulnerable_checks

Attributes included from BasicCheck

#applies, #aux_links, #check_family, #cve, #cvss, #cwe, #debug, #evidences, #fixes_version, #kind, #message, #mitigated, #name, #osvdb, #owasp, #priority, #release_date, #remediation, #ruby_version, #ruby_vulnerable_versions, #severity, #status, #target_version, #title

Instance Method Summary collapse

Methods included from ComboCheck

#dump_status, find_vulnerable_checks_by_class, #vuln?

Methods included from BasicCheck

#applies_to?, #cve_link, #cvss_score, families, #family, #family=, #lint, #mitigated?, #nvd_link, #osvdb_link, #rubysec_advisories_link

Methods included from Utils

#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true

Constructor Details

#initializeCVE_2013_0256

Returns a new instance of CVE_2013_0256.


40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/dawn/kb/cve_2013_0256.rb', line 40

def initialize
      message = "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL."
      super({
        :name=>"CVE-2013-0256",
        :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
        :release_date => Date.new(2013, 3, 1),
        :cwe=>"79",
        :owasp=>"A3", 
        :applies=>["sinatra", "padrino", "rails"],
        :kind=>Dawn::KnowledgeBase::COMBO_CHECK,
        :message=>message,
        :mitigation=>"Please upgrade rdoc version at least to 2.3.1, 3.13 or 4.0.0. As a general rule, using the latest stable version is recommended.",
        :aux_links=>["http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2"],
        :checks=>[CVE_2013_0256_a.new, CVE_2013_0256_b.new]
      })

end