Ruby on Rails To_JSON Script Injection Vulnerability

Bugtraq ID: 24161
Class: Input Validation Error
CVE: CVE-2007-3227
Remote: Yes
Local: No
Published: May 25 2007 12:00AM
Updated: Nov 23 2007 05:44PM
Credit: BCC reported this issue to the vendor.
Vulnerable: SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE Suse Linux Enterprise Desktop 10 SP1
SuSE Linux Enterprise Server 10.SP1
SuSE Linux 10.1 x86-64
SuSE Linux 10.1 x86
SuSE Linux 10.1 ppc
SuSE Linux 10.0 x86-64
SuSE Linux 10.0 x86
SuSE Linux 10.0 ppc
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
Ruby on Rails Ruby on Rails 1.2.3
Novell Linux POS 9
Novell Linux Desktop 9
Gentoo Linux
Gentoo dev-ruby/rails 1.2.4
Not Vulnerable: Gentoo dev-ruby/rails 1.2.5


Copyright 2010, SecurityFocus