CVE-2014-8080
Description
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
10.784
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Combo Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.5 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.5 Combo Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Combo Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.3 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.2 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.1 Update | Mac |
| Object-oriented scripting language (USN-2397-1) ruby2.0_2.0.0.484-1ubuntu2.2_i386.deb | Linux |
| Object-oriented scripting language (USN-2397-1) ruby2.0_2.0.0.484-1ubuntu2.2_amd64.deb | Linux |
| Object-oriented scripting language (USN-2397-1) ruby1.9.1_1.9.3.484-2ubuntu1.2_i386.deb | Linux |
| Object-oriented scripting language (USN-2397-1) ruby1.9.1_1.9.3.484-2ubuntu1.2_amd64.deb | Linux |
| Object-oriented scripting language (USN-2397-1) libruby2.0_2.0.0.484-1ubuntu2.2_i386.deb | Linux |
| Object-oriented scripting language (USN-2397-1) libruby2.0_2.0.0.484-1ubuntu2.2_amd64.deb | Linux |
| Object-oriented scripting language (USN-2397-1) libruby1.9.1_1.9.3.484-2ubuntu1.2_i386.deb | Linux |
| Object-oriented scripting language (USN-2397-1) libruby1.9.1_1.9.3.484-2ubuntu1.2_amd64.deb | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-1.8.7.374-3.el6_6.i686.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-1.8.7.374-3.el6_6.x86_64.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-devel-1.8.7.374-3.el6_6.i686.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-devel-1.8.7.374-3.el6_6.x86_64.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-docs-1.8.7.374-3.el6_6.i686.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-docs-1.8.7.374-3.el6_6.x86_64.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-irb-1.8.7.374-3.el6_6.i686.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-irb-1.8.7.374-3.el6_6.x86_64.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-libs-1.8.7.374-3.el6_6.i686.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-libs-1.8.7.374-3.el6_6.x86_64.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-rdoc-1.8.7.374-3.el6_6.i686.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-rdoc-1.8.7.374-3.el6_6.x86_64.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-ri-1.8.7.374-3.el6_6.i686.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-ri-1.8.7.374-3.el6_6.x86_64.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-static-1.8.7.374-3.el6_6.i686.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-static-1.8.7.374-3.el6_6.x86_64.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-tcltk-1.8.7.374-3.el6_6.i686.rpm | Linux |
| (RHSA-2014:1911) Moderate: ruby security update ruby-tcltk-1.8.7.374-3.el6_6.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-doc-2.0.0.353-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-irb-2.0.0.353-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-libs-2.0.0.353-22.el7_0.i686.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-json-1.7.7-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-minitest-4.3.2-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-psych-2.0.0-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-rake-0.9.6-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygems-2.0.14-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygems-devel-2.0.14-22.el7_0.noarch.rpm | Linux |
| Ruby193-ruby update (ELSA-2014-1913) ruby193-ruby-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-devel update (ELSA-2014-1913) ruby193-ruby-devel-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-doc update (ELSA-2014-1913) ruby193-ruby-doc-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-libs update (ELSA-2014-1913) ruby193-ruby-libs-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-tcltk update (ELSA-2014-1913) ruby193-ruby-tcltk-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-rubygem-bigdecimal update (ELSA-2014-1913) ruby193-rubygem-bigdecimal-1.1.0-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-rubygem-io-console update (ELSA-2014-1913) ruby193-rubygem-io-console-0.3-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-rubygem-json update (ELSA-2014-1913) ruby193-rubygem-json-1.5.5-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-rubygem-rdoc update (ELSA-2014-1913) ruby193-rubygem-rdoc-3.9.5-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-irb update (ELSA-2014-1913) ruby193-ruby-irb-1.9.3.484-50.0.1.el6.noarch.rpm | Linux |
| Ruby193-rubygem-minitest update (ELSA-2014-1913) ruby193-rubygem-minitest-2.5.1-50.0.1.el6.noarch.rpm | Linux |
| Ruby193-rubygem-rake update (ELSA-2014-1913) ruby193-rubygem-rake-0.9.2.2-50.0.1.el6.noarch.rpm | Linux |
| Ruby193-rubygems update (ELSA-2014-1913) ruby193-rubygems-1.8.23-50.0.1.el6.noarch.rpm | Linux |
| Ruby193-rubygems-devel update (ELSA-2014-1913) ruby193-rubygems-devel-1.8.23-50.0.1.el6.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-doc-2.0.0.353-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-irb-2.0.0.353-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-libs-2.0.0.353-22.el7_0.i686.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-json-1.7.7-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-minitest-4.3.2-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-psych-2.0.0-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-rake-0.9.6-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygems-2.0.14-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygems-devel-2.0.14-22.el7_0.noarch.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234