QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-3790

Back to search

CVE-2008-3790

Published: Aug 27, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."

VendorProductVersions

n/a

n/a

affected
n/a

References

USN-651-1
vendor-advisory
x_refsource_UBUNTU
33185
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:10393
vdb-entry
signature
x_refsource_OVAL
1020735
vdb-entry
x_refsource_SECTRACK
DSA-1652
vendor-advisory
x_refsource_DEBIAN
FEDORA-2008-8736
vendor-advisory
x_refsource_FEDORA
ADV-2008-2428
vdb-entry
x_refsource_VUPEN
ruby-rexml-dos(44628)
vdb-entry
x_refsource_XF
35074
third-party-advisory
x_refsource_SECUNIA
DSA-1651
vendor-advisory
x_refsource_DEBIAN
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
RHSA-2008:0897
vendor-advisory
x_refsource_REDHAT
[oss-security] 20080825 CVE Request (ruby)
mailing-list
x_refsource_MLIST
32219
third-party-advisory
x_refsource_SECUNIA
TA09-133A
third-party-advisory
x_refsource_CERT
32255
third-party-advisory
x_refsource_SECUNIA
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
30802
vdb-entry
x_refsource_BID
USN-691-1
vendor-advisory
x_refsource_UBUNTU
32371
third-party-advisory
x_refsource_SECUNIA
32165
third-party-advisory
x_refsource_SECUNIA
GLSA-200812-17
vendor-advisory
x_refsource_GENTOO
33178
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-8738
vendor-advisory
x_refsource_FEDORA
32256
third-party-advisory
x_refsource_SECUNIA
31602
third-party-advisory
x_refsource_SECUNIA
ADV-2008-2483
vdb-entry
x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now