actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

rubygem-actionpack-3_2 was updated to fix security issues :

  - fix CVE-2014-0081: XSS Vulnerability in     number_to_currency, number_to_percentage and     number_to_human (bnc#864433) 

  - fix CVE-2014-0082: Denial of Service Vulnerability in     Action View when using render :text (bnc#864431)

Several vulnerabilities were discovered in Action Pack, a component of Ruby on Rails.

  - CVE-2014-0081     actionview/lib/action_view/helpers/number_helper.rb     contains multiple cross-site scripting vulnerabilities

  - CVE-2014-0082     actionpack/lib/action_view/template/text.rb performs     symbol interning on MIME type strings, allowing remote     denial-of-service attacks via increased memory     consumption.

  - CVE-2014-0130     A directory traversal vulnerability in     actionpack/lib/abstract_controller/base.rb allows remote     attackers to read arbitrary files.

According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.2.0.  As a result, it is reportedly affected by multiple vulnerabilities :

  - An error exists related to the PE consoles and     identity verification that could allow security     bypasses. (CVE-2013-4966)

  - An unspecified error exists related to endpoint nodes     that could allow information disclosure. (CVE-2013-4971)

  - SET ROLE bypasses lack of ADMIN OPTION when granting     roles. (CVE-2014-0060)

  - An error exists in the included Ruby on Rails version     related to the text rendering component of Action View     and handling MIME types that are converted to symbols     that could allow denial of service attacks.
    (CVE-2014-0082)

The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0306.

This fixes Ruby on Rails 3.2.17 security issues :

  - CVE-2014-0081

    - CVE-2014-0082

Includes security patches for :

  - CVE-2013-6417 - Incomplete fix to CVE-2013-0155 (Unsafe     Query Generation Risk)

    - CVE-2013-4491 - Reflective XSS Vulnerability in Ruby       on Rails

    - CVE-2013-6415 - XSS Vulnerability in       number_to_currency

    - CVE-2013-6414 - Denial of Service Vulnerability in       Action View

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
75268	openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0295-1)	Nessus	SuSE Local Security Checks	medium
74043	Debian DSA-2929-1 : ruby-actionpack-3.2 - security update	Nessus	Debian Local Security Checks	medium
73135	Puppet Enterprise 3.x < 3.2.0 Multiple Vulnerabilities	Nessus	CGI abuses	medium
73064	CentOS 6 : ruby193-rubygem-actionpack (CESA-2014:0306)	Nessus	CentOS Local Security Checks	medium
72915	Fedora 19 : rubygem-actionpack-3.2.13-5.fc19 (2014-3232)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2014-0082

high

Tenable Plugins

medium

medium

medium

medium

medium