Ruby on Rails Active Record CVE-2012-2695 SQL Injection Vulnerability
|
Bugtraq ID:
|
53970
|
|
Class:
|
Input Validation Error
|
|
CVE:
|
CVE-2012-2695
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Jun 12 2012 12:00AM
|
|
Updated:
|
Mar 21 2013 01:46PM
|
|
Credit:
|
Justin Collins, Ernie Miller, Gabriel Quadros, Takeshi Terada of Mitsui Bussan Secure Directions and Tomás D'Stefano
|
|
Vulnerable:
|
SuSE WebYaST 1.2
+
S.u.S.E. Linux 8.1
+
S.u.S.E. Linux Personal 9.1
+
S.u.S.E. Linux Personal 9.0 x86_64
+
S.u.S.E. Linux Personal 9.0
+
S.u.S.E. Linux Personal 8.2
SuSE SUSE Linux Enterprise SDK 11 SP2
SuSE SUSE Linux Enterprise SDK 11 SP1
SuSE Studio Standard Edition 1.2
SuSE Studio Onsite 1.2
SuSE Studio Extension for System z 1.2
SuSE openSUSE 12.1
SuSE openSUSE 11.4
Ruby on Rails Ruby on Rails 3.2.4
Ruby on Rails Ruby on Rails 3.2.2
Ruby on Rails Ruby on Rails 3.1.5
Ruby on Rails Ruby on Rails 3.1.4
Ruby on Rails Ruby on Rails 3.1.2
Ruby on Rails Ruby on Rails 3.0.13
Ruby on Rails Ruby on Rails 3.0.12
Ruby on Rails Ruby on Rails 3.0.11
Ruby on Rails Ruby on Rails 3.0.6
Ruby on Rails Ruby on Rails 3.0.5
Ruby on Rails Ruby on Rails 3.0.4
Ruby on Rails Ruby on Rails 3.0.3
Ruby on Rails Ruby on Rails 3.0.2
Ruby on Rails Ruby on Rails 3.0.1
Ruby on Rails Ruby on Rails 3.0
Ruby on Rails Ruby on Rails 3.1.0.rc6
Ruby on Rails Ruby on Rails 3.1.0.rc5
Ruby on Rails Ruby on Rails 3.0.8
Ruby on Rails Ruby on Rails 3.0.7
Ruby on Rails Ruby on Rails 3.0.10
Red Hat Fedora 17
Red Hat Fedora 16
|
|
|
|
Not Vulnerable:
|
|
|
