CVE-2012-2694
Vulnerability Summary
Timeline
Description
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.22%• Percentile: 45%
Techniques & Countermeasures
- CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- rubyonrails•rails
3.0.0 | 3.0.0:beta | 3.0.0:beta2 | 3.0.0:beta3 | 3.0.0:beta4 | 3.0.0:rc | 3.0.0:rc2 | 3.0.1 | 3.0.1:pre | 3.0.2 | 3.0.2:pre | 3.0.3 | 3.0.4:rc1 | 3.0.5 | 3.0.5:rc1 | 3.0.6 | 3.0.6:rc1 | 3.0.6:rc2 | 3.0.7 | 3.0.7:rc1 | 3.0.7:rc2 | 3.0.8 | 3.0.8:rc1 | 3.0.8:rc2 | 3.0.8:rc3 | 3.0.8:rc4 | 3.0.9 | 3.0.9:rc1 | 3.0.9:rc2 | 3.0.9:rc3 | 3.0.9:rc4 | 3.0.9:rc5 | 3.0.10 | 3.0.10:rc1 | 3.0.11 | 3.0.12 | 3.0.12:rc1 | 3.0.13:rc1 | 3.1.0 | 3.1.0:beta1 | 3.1.0:rc1 | 3.1.0:rc2 | 3.1.0:rc3 | 3.1.0:rc4 | 3.1.0:rc5 | 3.1.0:rc6 | 3.1.0:rc7 | 3.1.0:rc8 | 3.1.1 | 3.1.1:rc1 | 3.1.1:rc2 | 3.1.1:rc3 | 3.1.2 | 3.1.2:rc1 | 3.1.2:rc2 | 3.1.3 | 3.1.4 | 3.1.4:rc1 | 3.1.5 | 3.1.5:rc1 | 3.2.0 | 3.2.0:rc1 | 3.2.0:rc2 | 3.2.1 | 3.2.2 | 3.2.2:rc1 | 3.2.3 | 3.2.3:rc1 | 3.2.3:rc2 | 3.2.4 | 3.2.4:rc1 | 3.2.5
- rubyonrails•ruby_on_rails
≤ 3.0.13 | 3.0.4
References (7)
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
- https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
- http://rhn.redhat.com/errata/RHSA-2013-0154.html