Published: 12/12/2013 Updated: 13/12/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The ruby-openid gem prior to 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject fedora 18
fedoraproject fedora 17
janrain ruby-openid
janrain ruby-openid 2.2.0

Debian Bug report logs - #702217 CVE-2013-1812: DoS Package: ruby-openid; Maintainer for ruby-openid is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Source for ruby-openid is src:ruby-openid (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 4 M ...

CWE-399 http://www.openwall.com/lists/oss-security/2013/03/03/8 https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed https://github.com/openid/ruby-openid/pull/43 https://bugzilla.redhat.com/show_bug.cgi?id=918134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702217 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-1812

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect