The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
CVSS v2 Metric | Value |
---|---|
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
Vector string | AV:N/AC:L/Au:N/C:N/I:N/A:P |
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Cloudforms Cloudengine | |
Redhat | |
Rhel Sam | |
Rubyonrails | |
Package | CPE | Advisory | Released Date |
---|---|---|---|
CloudForms for RHEL 6 | |||
converge-ui-devel-0:1.0.4-1.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
puppet-0:2.6.17-2.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-actionpack-1:3.0.10-10.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-activerecord-1:3.0.10-6.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-activesupport-1:3.0.10-4.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-chunky_png-0:1.2.0-3.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-compass-0:0.11.5-2.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-compass-960-plugin-0:0.10.4-2.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-delayed_job-0:2.1.4-2.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-ldap_fluff-0:0.1.3-1.el6_3 | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-mail-0:2.3.0-3.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-net-ldap-0:0.1.1-3.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
Red Hat Subscription Asset Manager 1.1 | |||
rubygem-actionpack-1:3.0.10-11.el6cf | cpe:/a:rhel_sam:1.1::el6 | RHSA-2013:0154 | 2013-01-10T00:00:00Z |
rubygem-activerecord-1:3.0.10-8.el6cf | cpe:/a:rhel_sam:1.1::el6 | RHSA-2013:0154 | 2013-01-10T00:00:00Z |
rubygem-activesupport-1:3.0.10-5.el6cf | cpe:/a:rhel_sam:1.1::el6 | RHSA-2013:0154 | 2013-01-10T00:00:00Z |
RHEL 6 Version of OpenShift Enterprise | |||
graphviz-0:2.26.0-10.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-console-0:0.0.16-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-broker-0:1.0.11-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-broker-util-0:1.0.15-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
php-0:5.3.3-22.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-ruby-0:1.9.3.327-25.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-actionpack-1:3.2.8-3.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-activemodel-0:3.2.8-2.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-activerecord-1:3.2.8-3.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-railties-0:3.2.8-2.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-actionpack-1:3.0.13-4.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-activemodel-0:3.0.13-3.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-activerecord-1:3.0.13-5.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-bson-0:1.8.1-2.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-mongo-0:1.8.1-2.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-openshift-origin-console-0:1.0.10-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-openshift-origin-controller-0:1.0.12-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-openshift-origin-node-0:1.0.11-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-ruby_parser-0:2.0.4-6.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-08-08T10:00:00
Updated: 2024-08-06T20:05:12.401Z
Reserved: 2012-06-14T00:00:00
Link: CVE-2012-3424
Vulnrichment
No data.
NVD
Status: Modified
Published: 2012-08-08T10:26:19.063
Modified: 2024-11-21T01:40:50.900
Link: CVE-2012-3424
Redhat