CVE-2010-0541

Published: 17 June 2010

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.

Notes

Author: tyhicks
Note: Fixed upstream in 1.8.7.302
Priority

Low

Status

Package Release Status
ruby1.8 (Launchpad, Ubuntu, Debian)
dapper: Ignored (reached end-of-life)
hardy: Ignored (reached end-of-life)
jaunty: Ignored (reached end-of-life)
karmic: Ignored (reached end-of-life)
lucid: Released (1.8.7.249-2ubuntu0.1)
maverick: Released (1.8.7.299-2ubuntu0.1)
natty: Not vulnerable (1.8.7.302-2)
oneiric: Not vulnerable
precise: Not vulnerable
quantal: Not vulnerable
raring: Not vulnerable
saucy: Not vulnerable
upstream: Released (1.8.7.302-1)
Patches:
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=29002

ruby1.9 (Launchpad, Ubuntu, Debian)
dapper: Ignored (reached end-of-life)
hardy: Ignored (reached end-of-life)
jaunty: Ignored (reached end-of-life)
karmic: Ignored (reached end-of-life)
lucid: Ignored (reached end-of-life)
maverick: Does not exist (pulled 2010-07-27)
natty: Does not exist (pulled 2010-07-27)
oneiric: Does not exist (pulled 2010-07-27)
precise: Does not exist (pulled 2010-07-27)
quantal: Does not exist (pulled 2010-07-27)
raring: Does not exist (pulled 2010-07-27)
saucy: Does not exist (pulled 2010-07-27)
upstream: Needs triage

ruby1.9.1 (Launchpad, Ubuntu, Debian)
hardy: Does not exist
lucid: Ignored (reached end-of-life)
maverick: Not vulnerable (1.9.2.0-1)
natty: Not vulnerable
oneiric: Not vulnerable
precise: Not vulnerable
quantal: Not vulnerable
raring: Not vulnerable
saucy: Not vulnerable
upstream: Needs triage