CVE-2011-3186: Code Injection
First published: Sat Aug 20 2011(Updated: )
A response splitting flaw in Ruby on Rails 2.3.x was reported [1] that could allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types. This is corrected in upstream 2.3.13 (3.0.0 and later are not vulnerable). Patches are available in the advisory [1] and git [2]. [1] <a href="http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768">http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768</a> [2] <a href="https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9">https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rubygem-actionpack | <2.3.13 | 2.3.13 |
| redhat/rubygem-actionpack | <3.0.0 | 3.0.0 |
| Rubyonrails Rails | =2.3.2 | |
| Rubyonrails Rails | =2.3.3 | |
| Rubyonrails Rails | =2.3.4 | |
| Rubyonrails Rails | =2.3.9 | |
| Rubyonrails Rails | =2.3.10 | |
| Rubyonrails Rails | =2.3.11 | |
| Rubyonrails Rails | =2.3.12 | |
| rubygems/actionpack | >=2.3.0<2.3.13 | 2.3.13 |
Remedy
http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain
- http://www.openwall.com/lists/oss-security/2011/08/20/1
- http://www.openwall.com/lists/oss-security/2011/08/19/11
- https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9
- http://www.openwall.com/lists/oss-security/2011/08/22/14
- http://www.openwall.com/lists/oss-security/2011/08/22/5
- http://www.openwall.com/lists/oss-security/2011/08/22/13
- http://www.openwall.com/lists/oss-security/2011/08/17/1
- https://bugzilla.redhat.com/show_bug.cgi?id=732156
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html
- http://secunia.com/advisories/45921
- http://www.debian.org/security/2011/dsa-2301
- https://nvd.nist.gov/vuln/detail/CVE-2011-3186
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml
- https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g
- https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921
- https://github.com/advisories/GHSA-fcqf-h4h4-695m (Advisory)
- http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=732158
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=677629
- https://admin.fedoraproject.org/updates/rubygem-actionpack-2.3.8-4.fc14
- collector/nvd-historical
- collector/github-advisory-latest
- alias/GHSA-fcqf-h4h4-695m
- alias/CVE-2011-3186
- collector/github-advisory
- collector/nvd-cve
- collector/nvd-index
- agent/weakness
- agent/type
- agent/author
- agent/softwarecombine
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/tags
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- vendor/rubyonrails
- canonical/rubyonrails rails
- version/rubyonrails rails/2.3.2
- version/rubyonrails rails/2.3.3
- version/rubyonrails rails/2.3.4
- version/rubyonrails rails/2.3.9
- version/rubyonrails rails/2.3.10
- version/rubyonrails rails/2.3.11
- version/rubyonrails rails/2.3.12
- package-manager/rubygems
- package-manager/redhat