Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2007-5379

Good to know:

icon

Date: October 19, 2007

Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.

Severity Score

Related Resources (20)

http://security.gentoo.org/glsa/glsa-200711-17.xml
http://docs.info.apple.com/article.html?artnum=307179
http://osvdb.org/40717
https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
http://www.vupen.com/english/advisories/2007/4238
http://bugs.gentoo.org/show_bug.cgi?id=195315
https://github.com/advisories/GHSA-fjfg-q662-gm6j
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
https://github.com/rails/rails
http://www.vupen.com/english/advisories/2007/3508
http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
http://dev.rubyonrails.org/ticket/8453
https://nvd.nist.gov/vuln/detail/CVE-2007-5379
https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://secunia.com/advisories/27657
http://www.securityfocus.com/bid/26096
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml
http://secunia.com/advisories/28136
https://www.mend.io/vulnerability-database/CVE-2007-5379

Severity Score

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

icon

Upgrade Version

Upgrade to version rails - 1.2.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us