CVE-2013-1812 Common Vulnerabilities and Exposures

Upstream information

CVE-2013-1812 at MITRE

Description

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entry: 804717 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SU-2013:1036-1, published Mon Jun 17 15:04:10 MDT 2013

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Studio Onsite 1.3	`susestudio >= 1.3.1.0-0.5.2` `susestudio-bundled-packages >= 1.3.1.0-0.5.2` `susestudio-common >= 1.3.1.0-0.5.2` `susestudio-runner >= 1.3.1.0-0.5.2` `susestudio-sid >= 1.3.1.0-0.5.2` `susestudio-ui-server >= 1.3.1.0-0.5.2`	Patchnames: slestso13-susestudio
SUSE Studio Onsite Runner 1.2	`rubygem-ruby-openid >= 2.1.8-0.5.1`	Patchnames: slestso12-rubygem-ruby-openid

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 09:02:55 2013
CVE page last modified: Fri Oct 13 18:59:24 2023