CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-1812

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile21.92th
Published2013年12月12日
Last Modified2026年4月29日

Vulnerability Description

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

Affected Platforms (CPE)

💻
Fedoraproject

Fedora

= 17
💻
Fedoraproject

Fedora

= 18
📦
Janrain

Ruby Openid

<= 2.2.1
📦
Janrain

Ruby Openid

= 2.2.0

References & Advisories

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html
🔗 http://www.openwall.com/lists/oss-security/2013/03/03/8
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=918134
🔗 https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md
🔗 https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed
🔗 https://github.com/openid/ruby-openid/pull/43
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html

関連する脆弱性情報

CVE-2012-265310.0

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might...

CVE-2006-374210.0

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a ...

CVE-2009-189610.0

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedo...

CVE-2016-07269.8

The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it e...