Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-3790
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-27 Aug, 2008 | 20:41
Updated At-23 Apr, 2026 | 00:35

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:p287:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.6
cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.7
cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.7
cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.7
cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.7
cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.7
cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.7
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.7
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.7
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.8.7
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9
cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352cacve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlcve@mitre.org
N/A
http://secunia.com/advisories/31602cve@mitre.org
N/A
http://secunia.com/advisories/32165cve@mitre.org
N/A
http://secunia.com/advisories/32219cve@mitre.org
N/A
http://secunia.com/advisories/32255cve@mitre.org
N/A
http://secunia.com/advisories/32256cve@mitre.org
N/A
http://secunia.com/advisories/32371cve@mitre.org
N/A
http://secunia.com/advisories/33178cve@mitre.org
N/A
http://secunia.com/advisories/33185cve@mitre.org
N/A
http://secunia.com/advisories/35074cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200812-17.xmlcve@mitre.org
N/A
http://support.apple.com/kb/HT3549cve@mitre.org
N/A
http://support.avaya.com/elmodocs2/security/ASA-2008-424.htmcve@mitre.org
N/A
http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-releasecve@mitre.org
N/A
http://www.debian.org/security/2008/dsa-1651cve@mitre.org
N/A
http://www.debian.org/security/2008/dsa-1652cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/08/25/4cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/08/26/1cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/08/26/4cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0897.htmlcve@mitre.org
N/A
http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/cve@mitre.org
Exploit
Patch
http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rbcve@mitre.org
Patch
http://www.securityfocus.com/bid/30802cve@mitre.org
N/A
http://www.securitytracker.com/id?1020735cve@mitre.org
N/A
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2008/2428cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/2483cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1297cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44628cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393cve@mitre.org
N/A
https://usn.ubuntu.com/651-1/cve@mitre.org
N/A
https://usn.ubuntu.com/691-1/cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.htmlcve@mitre.org
N/A
http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352caaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/31602af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32165af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32219af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32255af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32256af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32371af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/33178af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/33185af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35074af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-200812-17.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT3549af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/elmodocs2/security/ASA-2008-424.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-releaseaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2008/dsa-1651af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2008/dsa-1652af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2008/08/25/4af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2008/08/26/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2008/08/26/4af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2008-0897.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rbaf854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securityfocus.com/bid/30802af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1020735af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2008/2428af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/2483af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/1297af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44628af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/651-1/af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/691-1/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/31602
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32165
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32219
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32255
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32256
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32371
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33178
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33185
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35074
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200812-17.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3549
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1651
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1652
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/08/25/4
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/08/26/1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/08/26/4
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0897.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
Source: cve@mitre.org
Resource:
Exploit
Patch
Hyperlink: http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/30802
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1020735
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2008/2428
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2483
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1297
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44628
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/651-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/691-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/31602
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32165
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32219
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32255
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32256
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32371
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/33178
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/33185
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35074
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200812-17.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3549
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1651
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1652
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/08/25/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/08/26/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/08/26/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0897.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/30802
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1020735
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2008/2428
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2483
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1297
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44628
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/651-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/691-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found