CVE-2013-6417
Vulnerability Summary
Timeline
Description
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.
CVSS Metrics
- v2.0•MEDIUM•Score: 6.4AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS Trends
Current EPSS score: 0.51%• Percentile: 67%
Techniques & Countermeasures
- CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- rubyonrails•rails
3.0.0 | 3.0.0:beta | 3.0.0:beta2 | 3.0.0:beta3 | 3.0.0:beta4 | 3.0.0:rc | 3.0.0:rc2 | 3.0.1 | 3.0.1:pre | 3.0.2 | 3.0.2:pre | 3.0.3 | 3.0.4:rc1 | 3.0.5 | 3.0.5:rc1 | 3.0.6 | 3.0.6:rc1 | 3.0.6:rc2 | 3.0.7 | 3.0.7:rc1 | 3.0.7:rc2 | 3.0.8 | 3.0.8:rc1 | 3.0.8:rc2 | 3.0.8:rc3 | 3.0.8:rc4 | 3.0.9 | 3.0.9:rc1 | 3.0.9:rc2 | 3.0.9:rc3 | 3.0.9:rc4 | 3.0.9:rc5 | 3.0.10 | 3.0.10:rc1 | 3.0.11 | 3.0.12 | 3.0.12:rc1 | 3.0.13 | 3.0.13:rc1 | 3.0.14 | 3.0.16 | 3.0.17 | 3.0.18 | 3.0.19 | 3.0.20 | 3.1.0 | 3.1.0:beta1 | 3.1.0:rc1 | 3.1.0:rc2 | 3.1.0:rc3 | 3.1.0:rc4 | 3.1.0:rc5 | 3.1.0:rc6 | 3.1.0:rc7 | 3.1.0:rc8 | 3.1.1 | 3.1.1:rc1 | 3.1.1:rc2 | 3.1.1:rc3 | 3.1.2 | 3.1.2:rc1 | 3.1.2:rc2 | 3.1.3 | 3.1.4 | 3.1.4:rc1 | 3.1.5 | 3.1.5:rc1 | 3.1.6 | 3.1.7 | 3.1.8 | 3.1.9 | 3.1.10 | 3.2.0 | 3.2.0:rc1 | 3.2.0:rc2 | 3.2.1 | 3.2.2 | 3.2.2:rc1 | 3.2.3 | 3.2.3:rc1 | 3.2.3:rc2 | 3.2.4 | 3.2.4:rc1 | 3.2.5 | 3.2.6 | 3.2.7 | 3.2.8 | 3.2.9 | 3.2.10 | 3.2.11 | 3.2.12 | 3.2.13 | 3.2.13:rc1 | 3.2.13:rc2 | ≤ 4.0.1 | 4.0.0 | 4.0.0:beta | 4.0.0:rc1 | 4.0.0:rc2 | 4.0.1:rc1
- rubyonrails•ruby_on_rails
≤ 3.2.15 | 3.0.4 | 3.1.11 | 3.2.14 | 3.2.14:rc1 | 3.2.14:rc2 | 3.2.15:rc1 | 3.2.15:rc2
References (11)
- http://rhn.redhat.com/errata/RHSA-2014-0008.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
- http://rhn.redhat.com/errata/RHSA-2014-0469.html
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
- http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
- http://rhn.redhat.com/errata/RHSA-2013-1794.html
- https://puppet.com/security/cve/cve-2013-6417
- http://www.debian.org/security/2014/dsa-2888