RHCOS 6:Red Hat OpenShift Enterprise 1.1.1 更新(中等)RHSA-2013:0582 ()
high Nessus Plugin ID 311978
語言:
概要
遠端的 Red Hat CoreOS 主機缺少一個或多個安全更新。說明
遠端的 Red Hat Enterprise Linux CoreOS 6 主機安裝了受多項漏洞影響的套件,如公告 RHSA-2013:0582 中所述。- rubygem-actionpack:不安全的查詢產生 (CVE-2012-2660)
- rubygem-activerecord:處理巢狀查詢參數時發生 SQL 插入弱點 (CVE-2012-2661)
- rubygem-actionpack:不安全的查詢產生 (不同於 CVE-2012-2660 的瑕疵) (CVE-2012-2694)
- rubygem-activerecord:處理巢狀查詢參數時發生 SQL 插入弱點 (不同於 CVE-2012-2661 的瑕疵) (CVE-2012-2695)
- rubygem-actionpack: authenticate_or_request_with_http_digest 中的 DoS 弱點 (CVE-2012-3424)
請注意,Nessus 並未測試這些問題,而是僅依據應用程式自我報告的版本號碼作出判斷。
解決方案
更新受影響的套件。另請參閱
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/
https://bugzilla.redhat.com/show_bug.cgi?id=827353
https://bugzilla.redhat.com/show_bug.cgi?id=827363
https://bugzilla.redhat.com/show_bug.cgi?id=831573
https://bugzilla.redhat.com/show_bug.cgi?id=831581
https://bugzilla.redhat.com/show_bug.cgi?id=843711
https://bugzilla.redhat.com/show_bug.cgi?id=847196
https://bugzilla.redhat.com/show_bug.cgi?id=847199
https://bugzilla.redhat.com/show_bug.cgi?id=847200
https://bugzilla.redhat.com/show_bug.cgi?id=862598
https://bugzilla.redhat.com/show_bug.cgi?id=862614
https://bugzilla.redhat.com/show_bug.cgi?id=865940
https://bugzilla.redhat.com/show_bug.cgi?id=875236
https://bugzilla.redhat.com/show_bug.cgi?id=887353
https://bugzilla.redhat.com/show_bug.cgi?id=889426
https://bugzilla.redhat.com/show_bug.cgi?id=892806
https://bugzilla.redhat.com/show_bug.cgi?id=892866
https://bugzilla.redhat.com/show_bug.cgi?id=895347
https://bugzilla.redhat.com/show_bug.cgi?id=895355
https://bugzilla.redhat.com/show_bug.cgi?id=902412
https://bugzilla.redhat.com/show_bug.cgi?id=902630
https://bugzilla.redhat.com/show_bug.cgi?id=903526
https://bugzilla.redhat.com/show_bug.cgi?id=903546
https://bugzilla.redhat.com/show_bug.cgi?id=905021
https://bugzilla.redhat.com/show_bug.cgi?id=905656
https://bugzilla.redhat.com/show_bug.cgi?id=906227
https://bugzilla.redhat.com/show_bug.cgi?id=906845
Plugin 詳細資訊
嚴重性: High
ID: 311978
檔案名稱: rhcos-RHSA-2013-0582.nasl
版本: 1.1
類型: Local
代理程式: unix
已發布: 2026/5/4
已更新: 2026/5/4
支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
風險資訊
VPR
風險因素: Medium
分數: 6.7
Vendor
Vendor Severity: Moderate
CVSS v2
風險因素: High
基本分數: 7.5
時間性分數: 5.9
媒介: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 評分資料來源: CVE-2012-2695
CVSS v3
風險因素: High
基本分數: 7.3
時間性分數: 6.6
媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
時間媒介: CVSS:3.0/E:P/RL:O/RC:C
弱點資訊
CPE: p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties-doc, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-diy-0.1, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbosseap-6.0, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-minitest, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel-doc, p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker-util, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-node, p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-auth-remote-user, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord-doc, p-cpe:/a:redhat:enterprise_linux:graphviz-ruby, p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:rubygem-mongo-doc, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.9-scl, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-json, p-cpe:/a:redhat:enterprise_linux:openshift-console, p-cpe:/a:redhat:enterprise_linux:php-devel, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mysql-5.1, p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-bigdecimal, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-postgresql-8.4, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-perl-5.10, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rdoc, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:php-imap, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-cron-1.4, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-io-console, p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:graphviz-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems-devel, p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.8, p-cpe:/a:redhat:enterprise_linux:php, p-cpe:/a:redhat:enterprise_linux:php-mbstring, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-irb, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rake, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-haproxy-1.4, p-cpe:/a:redhat:enterprise_linux:rubygem-mongo, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-tcltk, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-devel, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-controller, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-php-5.3, p-cpe:/a:redhat:enterprise_linux:graphviz-devel, p-cpe:/a:redhat:enterprise_linux:openshift-origin-msg-node-mcollective, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-client-1.4, p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-libs, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbossews-1.0, cpe:/o:redhat:enterprise_linux:6:coreos, p-cpe:/a:redhat:enterprise_linux:php-bcmath, p-cpe:/a:redhat:enterprise_linux:php-process, p-cpe:/a:redhat:enterprise_linux:graphviz, p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser, p-cpe:/a:redhat:enterprise_linux:graphviz-gd, p-cpe:/a:redhat:enterprise_linux:rubygem-bson, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-1.4, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems
必要的 KB 項目: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2013/2/28
弱點發布日期: 2012/5/31
參考資訊
CVE: CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2012-5371, CVE-2013-0155, CVE-2013-0162, CVE-2013-0276