NVD Vulnerability Details :
CVE-2013-1821
Deferred
Source: secalert@redhat.com
Published At: 09 Apr, 2013 | 21:55
Updated At: 11 Apr, 2025 | 00:51

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

CISA Catalog
Date Added | Due Date | Vulnerability Name | Required Action
N/A
Metrics
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CPE Matches

| Vendor | Product | Version | CPE |
|---|---|---|---|
| Ruby (ruby-lang) | ruby | Versions up to 1.9.3 (inclusive) | cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 1.9 | cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 1.9.1 | cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 1.9.2 | cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 1.9.3 | cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 1.9.3 | cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 1.9.3 | cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 1.9.3 | cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 1.9.3 | cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 1.9.3 | cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 2.0 | cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 2.0.0 | cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 2.0.0 | cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:* |
| Ruby (ruby-lang) | ruby | 2.0.0 | cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:* |
Weaknesses
| CWE ID | Type | Source |
|---|---|---|
| CWE-20 | Primary | nvd@nist.gov |
Evaluator Description

Evaluator Impact

Per: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/

"Affected versions
- All ruby 1.9 versions prior to ruby 1.9.3 patchlevel 392
- All ruby 2.0 versions prior to ruby 2.0.0 patchlevel 0
- prior to trunk revision 39384"

Evaluator Solution

Vendor Statements

References
| Hyperlink | Source | Resource |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525 | secalert@redhat.com | N/A |
| http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html | secalert@redhat.com | N/A |
| http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html | secalert@redhat.com | N/A |
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html | secalert@redhat.com | N/A |
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html | secalert@redhat.com | N/A |
| http://rhn.redhat.com/errata/RHSA-2013-0611.html | secalert@redhat.com | N/A |
| http://rhn.redhat.com/errata/RHSA-2013-0612.html | secalert@redhat.com | N/A |
| http://rhn.redhat.com/errata/RHSA-2013-1028.html | secalert@redhat.com | N/A |
| http://rhn.redhat.com/errata/RHSA-2013-1147.html | secalert@redhat.com | N/A |
| http://secunia.com/advisories/52783 | secalert@redhat.com | Vendor Advisory |
| http://secunia.com/advisories/52902 | secalert@redhat.com | Vendor Advisory |
| http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384 | secalert@redhat.com | N/A |
| http://www.debian.org/security/2013/dsa-2738 | secalert@redhat.com | N/A |
| http://www.debian.org/security/2013/dsa-2809 | secalert@redhat.com | N/A |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 | secalert@redhat.com | N/A |
| http://www.openwall.com/lists/oss-security/2013/03/06/5 | secalert@redhat.com | N/A |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | secalert@redhat.com | N/A |
| http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ | secalert@redhat.com | Vendor Advisory |
| http://www.securityfocus.com/bid/58141 | secalert@redhat.com | N/A |
| http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862 | secalert@redhat.com | N/A |
| http://www.ubuntu.com/usn/USN-1780-1 | secalert@redhat.com | N/A |
| https://bugzilla.redhat.com/show_bug.cgi?id=914716 | secalert@redhat.com | N/A |
| https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092 | secalert@redhat.com | N/A |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://rhn.redhat.com/errata/RHSA-2013-0611.html | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://rhn.redhat.com/errata/RHSA-2013-0612.html | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://rhn.redhat.com/errata/RHSA-2013-1028.html | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://rhn.redhat.com/errata/RHSA-2013-1147.html | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://secunia.com/advisories/52783 | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| http://secunia.com/advisories/52902 | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.debian.org/security/2013/dsa-2738 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.debian.org/security/2013/dsa-2809 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.openwall.com/lists/oss-security/2013/03/06/5 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| http://www.securityfocus.com/bid/58141 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.ubuntu.com/usn/USN-1780-1 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://bugzilla.redhat.com/show_bug.cgi?id=914716 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092 | af854a3a-2127-422b-91ae-364da2661108 | N/A |