QwikSec

Security Database

CVE

CWE

Training

CVE-2014-8090

Published: Nov 21, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2014:1589

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2015-09-30-3

vendor-advisory

x_refsource_APPLE

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

https://support.apple.com/HT205267

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

http://advisories.mageia.org/MGASA-2014-0472.html

x_refsource_CONFIRM

https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

vdb-entry

x_refsource_BID

openSUSE-SU-2015:0007

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2015:0002

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.