What is the severity of CVE-2013-6417?

CVE-2013-6417 has a severity rating that allows remote attackers to bypass database-query restrictions.

How do I fix CVE-2013-6417?

To fix CVE-2013-6417, you should upgrade to Ruby on Rails version 4.0.2 or 3.2.16 or later.

What components are affected by CVE-2013-6417?

CVE-2013-6417 affects the actionpack component in Ruby on Rails versions prior to 4.0.2 and 3.2.16.

Can CVE-2013-6417 affect database integrity?

Yes, CVE-2013-6417 can potentially allow unauthorized database queries, impacting database integrity.

Is CVE-2013-6417 a critical vulnerability?

CVE-2013-6417 is considered a significant vulnerability due to the ability to bypass intended security measures.

Vulnerability/
CVE-2013-6417

medium

6.4

CWE

284 264

7/12/2013

24/10/2017

6/8/2024

CVE-2013-6417

First published: Sat Dec 07 2013(Updated: )

`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
rubygems/actionpack	>=4.0.0<4.0.2	4.0.2
rubygems/actionpack	>=3.0.0<3.2.16	3.2.16
rubyonrails Rails	=3.0.0
rubyonrails Rails	=3.0.0-beta
rubyonrails Rails	=3.0.0-beta2
rubyonrails Rails	=3.0.0-beta3
rubyonrails Rails	=3.0.0-beta4
rubyonrails Rails	=3.0.0-rc
rubyonrails Rails	=3.0.0-rc2
rubyonrails Rails	=3.0.1
rubyonrails Rails	=3.0.1-pre
rubyonrails Rails	=3.0.2
rubyonrails Rails	=3.0.2-pre
rubyonrails Rails	=3.0.3
rubyonrails Rails	=3.0.4-rc1
rubyonrails Rails	=3.0.5
rubyonrails Rails	=3.0.5-rc1
rubyonrails Rails	=3.0.6
rubyonrails Rails	=3.0.6-rc1
rubyonrails Rails	=3.0.6-rc2
rubyonrails Rails	=3.0.7
rubyonrails Rails	=3.0.7-rc1
rubyonrails Rails	=3.0.7-rc2
rubyonrails Rails	=3.0.8
rubyonrails Rails	=3.0.8-rc1
rubyonrails Rails	=3.0.8-rc2
rubyonrails Rails	=3.0.8-rc3
rubyonrails Rails	=3.0.8-rc4
rubyonrails Rails	=3.0.9
rubyonrails Rails	=3.0.9-rc1
rubyonrails Rails	=3.0.9-rc2
rubyonrails Rails	=3.0.9-rc3
rubyonrails Rails	=3.0.9-rc4
rubyonrails Rails	=3.0.9-rc5
rubyonrails Rails	=3.0.10
rubyonrails Rails	=3.0.10-rc1
rubyonrails Rails	=3.0.11
rubyonrails Rails	=3.0.12
rubyonrails Rails	=3.0.12-rc1
rubyonrails Rails	=3.0.13
rubyonrails Rails	=3.0.13-rc1
rubyonrails Rails	=3.0.14
rubyonrails Rails	=3.0.16
rubyonrails Rails	=3.0.17
rubyonrails Rails	=3.0.18
rubyonrails Rails	=3.0.19
rubyonrails Rails	=3.0.20
rubyonrails Rails	=3.1.0
rubyonrails Rails	=3.1.0-beta1
rubyonrails Rails	=3.1.0-rc1
rubyonrails Rails	=3.1.0-rc2
rubyonrails Rails	=3.1.0-rc3
rubyonrails Rails	=3.1.0-rc4
rubyonrails Rails	=3.1.0-rc5
rubyonrails Rails	=3.1.0-rc6
rubyonrails Rails	=3.1.0-rc7
rubyonrails Rails	=3.1.0-rc8
rubyonrails Rails	=3.1.1
rubyonrails Rails	=3.1.1-rc1
rubyonrails Rails	=3.1.1-rc2
rubyonrails Rails	=3.1.1-rc3
rubyonrails Rails	=3.1.2
rubyonrails Rails	=3.1.2-rc1
rubyonrails Rails	=3.1.2-rc2
rubyonrails Rails	=3.1.3
rubyonrails Rails	=3.1.4
rubyonrails Rails	=3.1.4-rc1
rubyonrails Rails	=3.1.5
rubyonrails Rails	=3.1.5-rc1
rubyonrails Rails	=3.1.6
rubyonrails Rails	=3.1.7
rubyonrails Rails	=3.1.8
rubyonrails Rails	=3.1.9
rubyonrails Rails	=3.1.10
rubyonrails Rails	=3.2.0
rubyonrails Rails	=3.2.0-rc1
rubyonrails Rails	=3.2.0-rc2
rubyonrails Rails	=3.2.1
rubyonrails Rails	=3.2.2
rubyonrails Rails	=3.2.2-rc1
rubyonrails Rails	=3.2.3
rubyonrails Rails	=3.2.3-rc1
rubyonrails Rails	=3.2.3-rc2
rubyonrails Rails	=3.2.4
rubyonrails Rails	=3.2.4-rc1
rubyonrails Rails	=3.2.5
rubyonrails Rails	=3.2.6
rubyonrails Rails	=3.2.7
rubyonrails Rails	=3.2.8
rubyonrails Rails	=3.2.9
rubyonrails Rails	=3.2.10
rubyonrails Rails	=3.2.11
rubyonrails Rails	=3.2.12
rubyonrails Rails	=3.2.13
rubyonrails Rails	=3.2.13-rc1
rubyonrails Rails	=3.2.13-rc2
Ruby on Rails	<=3.2.15
Ruby on Rails	=3.0.4
Ruby on Rails	=3.1.11
Ruby on Rails	=3.2.14
Ruby on Rails	=3.2.14-rc1
Ruby on Rails	=3.2.14-rc2
Ruby on Rails	=3.2.15-rc1
Ruby on Rails	=3.2.15-rc2
rubyonrails Rails	<=4.0.1
rubyonrails Rails	=4.0.0
rubyonrails Rails	=4.0.0-beta
rubyonrails Rails	=4.0.0-rc1
rubyonrails Rails	=4.0.0-rc2
rubyonrails Rails	=4.0.1-rc1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-6417?
CVE-2013-6417 has a severity rating that allows remote attackers to bypass database-query restrictions.
How do I fix CVE-2013-6417?
To fix CVE-2013-6417, you should upgrade to Ruby on Rails version 4.0.2 or 3.2.16 or later.
What components are affected by CVE-2013-6417?
CVE-2013-6417 affects the actionpack component in Ruby on Rails versions prior to 4.0.2 and 3.2.16.
Can CVE-2013-6417 affect database integrity?
Yes, CVE-2013-6417 can potentially allow unauthorized database queries, impacting database integrity.
Is CVE-2013-6417 a critical vulnerability?
CVE-2013-6417 is considered a significant vulnerability due to the ability to bypass intended security measures.

collector/github-advisory-latest
alias/GHSA-wpw7-wxjm-cw8r
alias/CVE-2013-6417
collector/github-advisory
agent/author
agent/type
agent/references
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/rubygems
vendor/rubyonrails
canonical/rubyonrails rails
version/rubyonrails rails/3.0.0
version/rubyonrails rails/3.0.0-beta
version/rubyonrails rails/3.0.0-beta2
version/rubyonrails rails/3.0.0-beta3
version/rubyonrails rails/3.0.0-beta4
version/rubyonrails rails/3.0.0-rc
version/rubyonrails rails/3.0.0-rc2
version/rubyonrails rails/3.0.1
version/rubyonrails rails/3.0.1-pre
version/rubyonrails rails/3.0.2
version/rubyonrails rails/3.0.2-pre
version/rubyonrails rails/3.0.3
version/rubyonrails rails/3.0.4-rc1
version/rubyonrails rails/3.0.5
version/rubyonrails rails/3.0.5-rc1
version/rubyonrails rails/3.0.6
version/rubyonrails rails/3.0.6-rc1
version/rubyonrails rails/3.0.6-rc2
version/rubyonrails rails/3.0.7
version/rubyonrails rails/3.0.7-rc1
version/rubyonrails rails/3.0.7-rc2
version/rubyonrails rails/3.0.8
version/rubyonrails rails/3.0.8-rc1
version/rubyonrails rails/3.0.8-rc2
version/rubyonrails rails/3.0.8-rc3
version/rubyonrails rails/3.0.8-rc4
version/rubyonrails rails/3.0.9
version/rubyonrails rails/3.0.9-rc1
version/rubyonrails rails/3.0.9-rc2
version/rubyonrails rails/3.0.9-rc3
version/rubyonrails rails/3.0.9-rc4
version/rubyonrails rails/3.0.9-rc5
version/rubyonrails rails/3.0.10
version/rubyonrails rails/3.0.10-rc1
version/rubyonrails rails/3.0.11
version/rubyonrails rails/3.0.12
version/rubyonrails rails/3.0.12-rc1
version/rubyonrails rails/3.0.13
version/rubyonrails rails/3.0.13-rc1
version/rubyonrails rails/3.0.14
version/rubyonrails rails/3.0.16
version/rubyonrails rails/3.0.17
version/rubyonrails rails/3.0.18
version/rubyonrails rails/3.0.19
version/rubyonrails rails/3.0.20
version/rubyonrails rails/3.1.0
version/rubyonrails rails/3.1.0-beta1
version/rubyonrails rails/3.1.0-rc1
version/rubyonrails rails/3.1.0-rc2
version/rubyonrails rails/3.1.0-rc3
version/rubyonrails rails/3.1.0-rc4
version/rubyonrails rails/3.1.0-rc5
version/rubyonrails rails/3.1.0-rc6
version/rubyonrails rails/3.1.0-rc7
version/rubyonrails rails/3.1.0-rc8
version/rubyonrails rails/3.1.1
version/rubyonrails rails/3.1.1-rc1
version/rubyonrails rails/3.1.1-rc2
version/rubyonrails rails/3.1.1-rc3
version/rubyonrails rails/3.1.2
version/rubyonrails rails/3.1.2-rc1
version/rubyonrails rails/3.1.2-rc2
version/rubyonrails rails/3.1.3
version/rubyonrails rails/3.1.4
version/rubyonrails rails/3.1.4-rc1
version/rubyonrails rails/3.1.5
version/rubyonrails rails/3.1.5-rc1
version/rubyonrails rails/3.1.6
version/rubyonrails rails/3.1.7
version/rubyonrails rails/3.1.8
version/rubyonrails rails/3.1.9
version/rubyonrails rails/3.1.10
version/rubyonrails rails/3.2.0
version/rubyonrails rails/3.2.0-rc1
version/rubyonrails rails/3.2.0-rc2
version/rubyonrails rails/3.2.1
version/rubyonrails rails/3.2.2
version/rubyonrails rails/3.2.2-rc1
version/rubyonrails rails/3.2.3
version/rubyonrails rails/3.2.3-rc1
version/rubyonrails rails/3.2.3-rc2
version/rubyonrails rails/3.2.4
version/rubyonrails rails/3.2.4-rc1
version/rubyonrails rails/3.2.5
version/rubyonrails rails/3.2.6
version/rubyonrails rails/3.2.7
version/rubyonrails rails/3.2.8
version/rubyonrails rails/3.2.9
version/rubyonrails rails/3.2.10
version/rubyonrails rails/3.2.11
version/rubyonrails rails/3.2.12
version/rubyonrails rails/3.2.13
version/rubyonrails rails/3.2.13-rc1
version/rubyonrails rails/3.2.13-rc2
canonical/ruby on rails
version/ruby on rails/3.2.15
version/ruby on rails/3.0.4
version/ruby on rails/3.1.11
version/ruby on rails/3.2.14
version/ruby on rails/3.2.14-rc1
version/ruby on rails/3.2.14-rc2
version/ruby on rails/3.2.15-rc1
version/ruby on rails/3.2.15-rc2
version/rubyonrails rails/4.0.1
version/rubyonrails rails/4.0.0
version/rubyonrails rails/4.0.0-beta
version/rubyonrails rails/4.0.0-rc1
version/rubyonrails rails/4.0.0-rc2
version/rubyonrails rails/4.0.1-rc1

CVE-2013-6417

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-6417?

How do I fix CVE-2013-6417?

What components are affected by CVE-2013-6417?

Can CVE-2013-6417 affect database integrity?

Is CVE-2013-6417 a critical vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-6417?

How do I fix CVE-2013-6417?

What components are affected by CVE-2013-6417?

Can CVE-2013-6417 affect database integrity?

Is CVE-2013-6417 a critical vulnerability?