Class: Dawn::Kb::CVE_2015_7500

# File 'lib/dawn/kb/cve_2015_7500.rb', line 8

def initialize
      message = "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags."
       super({
        :title=>title,
        :name=> "CVE-2015-7500",
        :cve=>"2015-7500",
        :osvdb=>"",
        :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
        :release_date => Date.new(2015, 12, 15),
        :cwe=>"119",
        :owasp=>"A9",
        :applies=>["rails", "sinatra", "padrino"],
        :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
        :message=>message,
        :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
        :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
       })

       self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
       self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}

end

Class: Dawn::Kb::CVE_2015_7500

Overview

Constant Summary

Constants included from BasicCheck

Instance Attribute Summary

Attributes included from DependencyCheck

Attributes included from BasicCheck

Instance Method Summary collapse

Methods included from DependencyCheck

Methods included from BasicCheck

Methods included from Utils

Constructor Details

#initialize ⇒ CVE_2015_7500

#initialize ⇒ `CVE_2015_7500`