Vulnerability-Lookup

CVE-2012-3424 (GCVE-0-2012-3424)

Vulnerability from cvelistv5 – Published: 2012-08-08 10:00 – Updated: 2024-08-06 20:05

Summary

The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

CERTA-2012-AVI-409

Vulnerability from certfr_avis - Published: 2012-07-30 - Updated: 2012-07-30

Une vulnérabilité a été corrigée dans Ruby on Rails. Cette vulnérabilité peut être utilisée par une personne malveillante distante afin de provoquer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ruby on Rails	Ruby on Rails	Ruby on Rails 3.1.x versions antérieures à 3.1.7 ;
Ruby on Rails	Ruby on Rails	Ruby on Rails 3.0.x versions antérieures à 3.0.16 ;
Ruby on Rails	Ruby on Rails	Ruby on Rails 3.2.x versions antérieures à 3.2.7.

References

Title

Publication Time

GHSA-92W9-2PQW-RHJJ

Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2025-01-22 15:09

Summary

actionpack Improper Authentication vulnerability

Details

The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0.beta"
            },
            {
              "fixed": "3.0.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.2.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-3424"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:27:14Z",
    "nvd_published_at": "2012-08-08T10:26:19Z",
    "severity": "MODERATE"
  },
  "details": "The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.",
  "id": "GHSA-92w9-2pqw-rhjj",
  "modified": "2025-01-22T15:09:51Z",
  "published": "2017-10-24T18:33:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rails/rails"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en\u0026dmode=source\u0026output=gplain"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
    },
    {
      "type": "WEB",
      "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "actionpack Improper Authentication vulnerability"
}

GSD-2012-3424

Vulnerability from gsd - Updated: 2012-07-26 00:00

Details

Aliases

CVE-2012-3424

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-3424",
    "description": "The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.",
    "id": "GSD-2012-3424",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-3424.html",
      "https://access.redhat.com/errata/RHSA-2013:0582",
      "https://access.redhat.com/errata/RHSA-2013:0154",
      "https://access.redhat.com/errata/RHSA-2012:1542"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "actionpack",
            "purl": "pkg:gem/actionpack"
          }
        }
      ],
      "aliases": [
        "CVE-2012-3424",
        "OSVDB-84243"
      ],
      "details": "The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.",
      "id": "GSD-2012-3424",
      "modified": "2012-07-26T00:00:00.000Z",
      "published": "2012-07-26T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 5.0,
          "type": "CVSS_V2"
        }
      ],
      "summary": "CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-3424",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[rubyonrails-security] 20120726 Ruby on Rails DoS Vulnerability in authenticate_or_request_with_http_digest (CVE-2012-3424)",
            "refsource": "MLIST",
            "url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en\u0026dmode=source\u0026output=gplain"
          },
          {
            "name": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/",
            "refsource": "CONFIRM",
            "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/"
          },
          {
            "name": "openSUSE-SU-2012:1066",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"
          },
          {
            "name": "RHSA-2013:0154",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2012-3424",
      "cvss_v2": 5.0,
      "date": "2012-07-26",
      "description": "The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.",
      "framework": "rails",
      "gem": "actionpack",
      "osvdb": 84243,
      "patched_versions": [
        "~\u003e 3.0.16",
        "~\u003e 3.1.7",
        "\u003e= 3.2.7"
      ],
      "title": "CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest",
      "unaffected_versions": [
        "\u003e= 2.3.5, \u003c= 2.3.14"
      ],
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=3.0.0 \u003c3.0.16 || \u003e=3.1.0 \u003c3.1.7 || \u003e=3.2.0 \u003c3.2.7",
          "affected_versions": "All versions starting from 3.0.0 before 3.0.16, all versions starting from 3.1.0 before 3.1.7, all versions starting from 3.2.0 before 3.2.7",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-287",
            "CWE-937"
          ],
          "date": "2019-08-08",
          "description": "All users using Digest Authentication support in Rails should upgrade immediately. Impacted code uses any of the `with_http_digest` controller helper methods.",
          "fixed_versions": [
            "3.0.16",
            "3.1.7",
            "3.2.7"
          ],
          "identifier": "CVE-2012-3424",
          "identifiers": [
            "CVE-2012-3424"
          ],
          "not_impacted": "2.3.5 - 2.3.14",
          "package_slug": "gem/actionpack",
          "pubdate": "2012-08-08",
          "solution": "Upgrade and patches available (see source)",
          "title": "DoS Vulnerability in authenticate_or_request_with_http_digest",
          "urls": [
            "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2012-3424/rubyonrails-security/vxJjrc15qYM/fRQl-vIyTSQJ"
          ],
          "uuid": "b65674b5-898e-4192-9f17-bffd6643dbf1"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-3424"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[rubyonrails-security] 20120726 Ruby on Rails DoS Vulnerability in authenticate_or_request_with_http_digest (CVE-2012-3424)",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en\u0026dmode=source\u0026output=gplain"
            },
            {
              "name": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/"
            },
            {
              "name": "openSUSE-SU-2012:1066",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"
            },
            {
              "name": "RHSA-2013:0154",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-08-08T15:42Z",
      "publishedDate": "2012-08-08T10:26Z"
    }
  }
}

FKIE_CVE-2012-3424

Vulnerability from fkie_nvd - Published: 2012-08-08 10:26 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-0154.html
	secalert@redhat.com	http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/
	secalert@redhat.com	https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0154.html
	af854a3a-2127-422b-91ae-364da2661108	http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/
	af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain

Impacted products

Vendor	Product	Version
rubyonrails	rails	3.0.0
rubyonrails	rails	3.0.0
rubyonrails	rails	3.0.0
rubyonrails	rails	3.0.0
rubyonrails	rails	3.0.0
rubyonrails	rails	3.0.0
rubyonrails	rails	3.0.0
rubyonrails	rails	3.0.1
rubyonrails	rails	3.0.1
rubyonrails	rails	3.0.2
rubyonrails	rails	3.0.2
rubyonrails	rails	3.0.3
rubyonrails	rails	3.0.4
rubyonrails	rails	3.0.5
rubyonrails	rails	3.0.5
rubyonrails	rails	3.0.6
rubyonrails	rails	3.0.6
rubyonrails	rails	3.0.6
rubyonrails	rails	3.0.7
rubyonrails	rails	3.0.7
rubyonrails	rails	3.0.7
rubyonrails	rails	3.0.8
rubyonrails	rails	3.0.8
rubyonrails	rails	3.0.8
rubyonrails	rails	3.0.8
rubyonrails	rails	3.0.8
rubyonrails	rails	3.0.9
rubyonrails	rails	3.0.9
rubyonrails	rails	3.0.9
rubyonrails	rails	3.0.9
rubyonrails	rails	3.0.9
rubyonrails	rails	3.0.9
rubyonrails	rails	3.0.10
rubyonrails	rails	3.0.10
rubyonrails	rails	3.0.11
rubyonrails	rails	3.0.12
rubyonrails	rails	3.0.12
rubyonrails	rails	3.0.13
rubyonrails	rails	3.0.13
rubyonrails	rails	3.0.14
rubyonrails	ruby_on_rails	3.0.4
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.0
rubyonrails	rails	3.1.1
rubyonrails	rails	3.1.1
rubyonrails	rails	3.1.1
rubyonrails	rails	3.1.1
rubyonrails	rails	3.1.2
rubyonrails	rails	3.1.2
rubyonrails	rails	3.1.2
rubyonrails	rails	3.1.3
rubyonrails	rails	3.1.4
rubyonrails	rails	3.1.4
rubyonrails	rails	3.1.5
rubyonrails	rails	3.1.5
rubyonrails	rails	3.1.6
rubyonrails	rails	3.2.0
rubyonrails	rails	3.2.0
rubyonrails	rails	3.2.0
rubyonrails	rails	3.2.1
rubyonrails	rails	3.2.2
rubyonrails	rails	3.2.2
rubyonrails	rails	3.2.3
rubyonrails	rails	3.2.3
rubyonrails	rails	3.2.3
rubyonrails	rails	3.2.4
rubyonrails	rails	3.2.4
rubyonrails	rails	3.2.5
rubyonrails	rails	3.2.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3BE7DFE-BA20-434B-A1DE-AD038B255C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "DCEE5B21-C990-4705-8239-0D7B29DAEDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "65EE33B1-B079-4CDE-B9C2-F1613A4610DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5CAAA20B-824F-4448-99DC-9712FE628073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEBDFB-0F30-454A-B74C-F820C9D2708B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*",
              "matchCriteriaId": "1D7CD8C1-95D1-477E-AD96-6582EC33BA01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B6F00D98-3D0F-40AF-AE4F-090B1E6B660C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9476CE55-69C0-45D3-B723-6F459C90BF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*",
              "matchCriteriaId": "486F5BA6-BCF7-4691-9754-19D364B4438D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "112FC73B-A8BC-4EEA-9F4B-CCE685EF2838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*",
              "matchCriteriaId": "E4498383-6FCA-4E17-A1FD-B0CE7EE50F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26565B1-2BA6-4A3C-9264-7FC9A1820B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "392E2D58-CB39-4832-B4D9-9C2E23B8E14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1F2466EA-7039-46A1-B4A3-8DACD1953A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CAB4E72-0A15-4B26-9B69-074C278568D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A085E105-9375-440A-80CB-9B23E6D7EB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "25911E48-C5D7-4ED8-B4DB-7523A74CCF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE6EC1E5-3A4A-4751-9F77-28EF5AF681E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B29674E3-CC80-446B-9A43-82594AE7A058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FF34D8CB-2B6D-4CB8-A206-108293BCFFE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5187F6-E3AC-4E0D-B1D0-83DE76C20A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "272268EE-E3E8-4683-B679-55D748877A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7B69FD33-61FE-4F10-BBE1-215F59035D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "08D7CB5D-82EF-4A24-A792-938FAB40863D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "8A044B21-47D5-468D-AF4A-06B3B5CC0824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2196F3D0-532A-40F9-843A-1DFBC8B63FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBEDA932-6CB5-438C-94E4-824732A91BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "903E5524-5E45-48CE-A804-EDAEBE3A79AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "08534AF2-F94E-4FB6-A572-4FB9827276D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "29E3B4A6-1346-4358-B7BC-84D00ED3ABBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "B52D7A6B-DD93-45F0-9186-18ABEFF28DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F07C641-48DF-43BE-9EB5-72B337C54846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1CB1B12-99F5-430F-AE19-9A95C17FA123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A7C449-8F9A-4CE5-9C3D-375996BFAEE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D5D58C-DB79-41EA-81AE-5D95C48211B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FE331D6D-99BA-4369-AD8B-B556DEE4955F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "58304E17-ADFD-4686-9CCF-C1CA31843B94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "05108EF0-81AD-4378-9843-5C23F2AC79A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE7DA7E-23A5-42AF-9D5C-39240CE2FBDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "224BD488-0D7E-4F8B-9012-DE872DEB544C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB51F3E9-4899-49A9-9E7B-0DCA92A91DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F884F2F4-94F3-46CB-860B-1BCC0EEF408A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "88DFBB48-1C29-4639-9369-F5B413CA2337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D37696D7-BEE6-4587-9E33-A7FE24780409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E95B5D44-0C8D-47BC-A89D-48A5BDEB84F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1DFDAF6A-76AA-436F-A4F3-DA69892DE2B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D3172982-3FA4-427F-BE3E-2321D804E49D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "FD6EC85B-F092-48FF-966A-96B9227C8656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "9000F3C1-57A0-474C-9C82-E58688F29838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "6E55E42E-AB6A-4E47-AC69-DFDAEB0A8735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A42F4E7A-6F6A-485C-8D30-95F3B0285922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "30B9C0CB-F6E6-4233-84E4-D6E69104DD73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84309CC7-A8B7-4ADB-AEA1-964DA5F7B0E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5343241F-274D-45FF-97C7-2BC2E920BAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED122B8-AF4C-4C48-B1E5-54F4A7A31A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "157ACCAD-0FB8-4CC9-9DFB-70835DE6506C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3E50ACF6-7277-4C9A-B42A-E7EFDC317691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C191DC2B-1EC3-48E0-A586-867E6EE4431C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA51263-6680-42C6-B119-8241D6F76206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B4BC41E8-FEDA-4C31-B479-D49A59FC4D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C20971-53B5-43B0-AC45-5AA0FDF1B054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1AEFA5D-A793-4BAB-8DED-3D3A31260AD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "496902D6-409A-40D9-849F-C41264BE5B04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2816C02C-E13E-4367-91F3-14756A90EC9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E82AF7C7-B725-40EF-8EE3-18F8E7FAEB29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1AE674DE-65DB-437E-A034-A2EE5C584B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0524F3E3-BAD7-4CD3-A6E7-74CFBE4B46E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EB2C3F-0F24-43DB-988E-BD2973598F71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EB32713D-FE64-445E-872E-B4678C243AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55E6B4A-2B9C-46C8-A739-109EA4BA7FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89C618DC-38BC-4484-8C41-BC38B7EB636B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE1EF01A-F358-45D3-ADA2-51DD1D8CB6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC2616BD-A4E8-42F3-BB5A-7517DC4EDA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0E376782-98B0-4766-B6FC-67E032A00C62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D08DC1-14E9-4DB9-BC95-3F73B454FBC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F365C9E5-27DC-46C3-AFE4-4876EC7B352B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method."
    },
    {
      "lang": "es",
      "value": "El m\u00e9todo decode_credentials method en actionpack/lib/action_controller/metal/http_authentication.rb en Ruby on Rails 3.x anterior a 3.0.16, 3.1.x anterior a 3.1.7, y 3.2.x anterior a 3.2.7 convierte las cadenas Digest Authentication a s\u00edmbolos, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio aprovechando el acceso a una aplicaci\u00f3n que se utiliza un m\u00e9todo de ayuda with_http_digest, como se demostr\u00f3 con el m\u00e9todo authenticate_or_request_with_http_digest."
    }
  ],
  "id": "CVE-2012-3424",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-08T10:26:19.063",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en\u0026dmode=source\u0026output=gplain"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en\u0026dmode=source\u0026output=gplain"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-3424 (GCVE-0-2012-3424)

CERTA-2012-AVI-409

Solution

GHSA-92W9-2PQW-RHJJ

GSD-2012-3424

FKIE_CVE-2012-3424

Tags

Sightings

Nomenclature