class Dawn::Kb::CVE_2013_6461

Public Class Methods

new()
Calls superclass method Dawn::Kb::ComboCheck::new
# File lib/dawn/kb/cve_2013_6461.rb, line 33
                                # Builds the knowledge-base entry for CVE-2013-6461: an XML entity
                                # expansion denial of service in Nokogiri's native Java extension on JRuby.
                                #
                                # The metadata hash is handed unchanged to the superclass constructor
                                # (documented on this page as Dawn::Kb::ComboCheck::new).
                                def initialize
                                  # Text kept verbatim, including the embedded line break.
                                  # NOTE(review): the second sentence is a fragment ("Nokogiri users on
                                  # JRuby using the native Java extension."); it probably lost an
                                  # "are affected" when the advisory was copied. Confirm before rewording.
                                  advisory_text = "There is an entity expansion vulnerability in Nokogiri when using JRuby. Nokogiri users on JRuby using the native Java extension.  Attackers can send
XML documents with carefully crafted entity expansion strings which can cause the server to run out of memory and crash."

                                  entry = {
                                    name: "CVE-2013-6461",
                                    # CVSS v2 vector: network-reachable, no authentication, and only a
                                    # partial availability impact. This matches the out-of-memory crash
                                    # described in the message.
                                    cvss: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                                    release_date: Date.new(2013, 12, 15),
                                    # NOTE(review): left empty. XML entity expansion is usually filed
                                    # under CWE-776; confirm the value and the format this field expects
                                    # before filling it in.
                                    cwe: "",
                                    owasp: "A9",
                                    applies: %w[rails sinatra padrino],
                                    kind: Dawn::KnowledgeBase::COMBO_CHECK,
                                    message: advisory_text,
                                    # NOTE(review): no fixed version is named, so a reader has to follow
                                    # the advisory link below to learn which release is safe.
                                    mitigation: "Please upgrade nokogiri gem to a newer version",
                                    aux_links: ["https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA"],
                                    # The two sub-checks are defined outside this listing. How ComboCheck
                                    # combines their results is not visible here.
                                    checks: [CVE_2013_6461_a.new, CVE_2013_6461_b.new]
                                  }

                                  super(entry)
                                end