RHCOS 6:红帽OpenShift Enterprise 1.1.1 更新(中等)RHSA-2013:0582 ()
high Nessus 插件 ID 311978
语言:
简介
远程的 Red Hat CoreOS 主机缺少一个或多个安全更新。描述
远程的Red Hat Enterprise Linux CoreOS 6主机安装了受多个漏洞影响的包,如公告中提及 RHSA-2013:0582 。- rubygem-actionpack:不安全的查询生成 (CVE-2012-2660)
- rubygem-activerecord:处理嵌套查询参数时的 SQL 注入 (CVE-2012-2661)
- rubygem-actionpack:不安全的查询生成 (此缺陷与 CVE-2012-2660 不同) (CVE-2012-2694)
- rubygem-activerecord:处理嵌套查询参数时的 SQL 注入与 CVE-2012-2661 不同) (CVE-2012-2695)
- rubygem-actionpack:authenticate_or_request_with_http_digest 中的 DoS 漏洞(CVE-2012-3424)
请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。
解决方案
更新受影响的程序包。另见
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/
https://bugzilla.redhat.com/show_bug.cgi?id=827353
https://bugzilla.redhat.com/show_bug.cgi?id=827363
https://bugzilla.redhat.com/show_bug.cgi?id=831573
https://bugzilla.redhat.com/show_bug.cgi?id=831581
https://bugzilla.redhat.com/show_bug.cgi?id=843711
https://bugzilla.redhat.com/show_bug.cgi?id=847196
https://bugzilla.redhat.com/show_bug.cgi?id=847199
https://bugzilla.redhat.com/show_bug.cgi?id=847200
https://bugzilla.redhat.com/show_bug.cgi?id=862598
https://bugzilla.redhat.com/show_bug.cgi?id=862614
https://bugzilla.redhat.com/show_bug.cgi?id=865940
https://bugzilla.redhat.com/show_bug.cgi?id=875236
https://bugzilla.redhat.com/show_bug.cgi?id=887353
https://bugzilla.redhat.com/show_bug.cgi?id=889426
https://bugzilla.redhat.com/show_bug.cgi?id=892806
https://bugzilla.redhat.com/show_bug.cgi?id=892866
https://bugzilla.redhat.com/show_bug.cgi?id=895347
https://bugzilla.redhat.com/show_bug.cgi?id=895355
https://bugzilla.redhat.com/show_bug.cgi?id=902412
https://bugzilla.redhat.com/show_bug.cgi?id=902630
https://bugzilla.redhat.com/show_bug.cgi?id=903526
https://bugzilla.redhat.com/show_bug.cgi?id=903546
https://bugzilla.redhat.com/show_bug.cgi?id=905021
https://bugzilla.redhat.com/show_bug.cgi?id=905656
https://bugzilla.redhat.com/show_bug.cgi?id=906227
https://bugzilla.redhat.com/show_bug.cgi?id=906845
插件详情
严重性: High
ID: 311978
文件名: rhcos-RHSA-2013-0582.nasl
版本: 1.1
类型: Local
代理: unix
发布时间: 2026/5/4
最近更新时间: 2026/5/4
支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
风险信息
VPR
风险因素: Medium
分数: 6.7
Vendor
Vendor Severity: Moderate
CVSS v2
风险因素: High
基本分数: 7.5
时间分数: 5.9
矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 分数来源: CVE-2012-2695
CVSS v3
风险因素: High
基本分数: 7.3
时间分数: 6.6
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
时间矢量: CVSS:3.0/E:P/RL:O/RC:C
漏洞信息
CPE: p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties-doc, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-diy-0.1, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbosseap-6.0, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-minitest, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel-doc, p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker-util, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-node, p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-auth-remote-user, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord-doc, p-cpe:/a:redhat:enterprise_linux:graphviz-ruby, p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:rubygem-mongo-doc, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.9-scl, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-json, p-cpe:/a:redhat:enterprise_linux:openshift-console, p-cpe:/a:redhat:enterprise_linux:php-devel, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mysql-5.1, p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-bigdecimal, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-postgresql-8.4, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-perl-5.10, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rdoc, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:php-imap, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-cron-1.4, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-io-console, p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:graphviz-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems-devel, p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.8, p-cpe:/a:redhat:enterprise_linux:php, p-cpe:/a:redhat:enterprise_linux:php-mbstring, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-irb, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rake, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-haproxy-1.4, p-cpe:/a:redhat:enterprise_linux:rubygem-mongo, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-tcltk, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-devel, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-controller, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-php-5.3, p-cpe:/a:redhat:enterprise_linux:graphviz-devel, p-cpe:/a:redhat:enterprise_linux:openshift-origin-msg-node-mcollective, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-client-1.4, p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-libs, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbossews-1.0, cpe:/o:redhat:enterprise_linux:6:coreos, p-cpe:/a:redhat:enterprise_linux:php-bcmath, p-cpe:/a:redhat:enterprise_linux:php-process, p-cpe:/a:redhat:enterprise_linux:graphviz, p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser, p-cpe:/a:redhat:enterprise_linux:graphviz-gd, p-cpe:/a:redhat:enterprise_linux:rubygem-bson, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-1.4, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems
必需的 KB 项: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
可利用: true
易利用性: Exploits are available
补丁发布日期: 2013/2/28
漏洞发布日期: 2012/5/31
参考资料信息
CVE: CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2012-5371, CVE-2013-0155, CVE-2013-0162, CVE-2013-0276