Class: Dawn::Kb::CVE_2014_0036
- Inherits:
-
Object
- Object
- Dawn::Kb::CVE_2014_0036
- Includes:
- DependencyCheck
- Defined in:
- lib/dawn/kb/cve_2014_0036.rb
Overview
Automatically created with rake on 2014-03-14
Constant Summary
Constants included from BasicCheck
Instance Attribute Summary
Attributes included from DependencyCheck
#aux_mitigation_gem, #dependencies, #not_affected, #safe_dependencies, #save_major, #save_minor
Attributes included from BasicCheck
#applies, #aux_links, #check_family, #cve, #cvss, #cwe, #debug, #evidences, #fixes_version, #kind, #message, #mitigated, #name, #osvdb, #owasp, #priority, #release_date, #remediation, #ruby_version, #ruby_vulnerable_versions, #severity, #status, #target_version, #title
Instance Method Summary collapse
-
#initialize ⇒ CVE_2014_0036
constructor
A new instance of CVE_2014_0036.
Methods included from DependencyCheck
Methods included from BasicCheck
#applies_to?, #cve_link, #cvss_score, families, #family, #family=, #lint, #mitigated?, #nvd_link, #osvdb_link, #rubysec_advisories_link
Methods included from Utils
#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true
Constructor Details
#initialize ⇒ CVE_2014_0036
Returns a new instance of CVE_2014_0036.
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
# File 'lib/dawn/kb/cve_2014_0036.rb', line 7 def initialize = "rbovirt Gem for Ruby contains a flaw related to certificate validation. The issue is due to the program failing to validate SSL certificates. This may allow an attacker with access to network traffic (e.g. MiTM, DNS cache poisoning) to spoof the SSL server via an arbitrary certificate that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream." super({ :name=>"CVE-2014-0036", :cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P", :release_date => Date.new(2014, 3, 5), :cwe=>"20", :owasp=>"A9", :applies=>["sinatra", "padrino", "rails"], :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, :message=>, :mitigation=>"Please upgrade rbovirt version at least to 0.0.24. As a general rule, using the latest version is recommended.", :aux_links=>["http://www.securityfocus.com/bid/66006"] }) self.safe_dependencies = [{:name=>"rbovirt", :version=>['0.0.24']}] end |