Download
| Alert*
oval:org.secpod.oval:def:32368
rubygem21 subpackages are installed oval:org.secpod.oval:def:1600055 The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service via a crafted XML document, aka an XML Entity Expansion attack. oval:org.secpod.oval:def:1600096 The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML d ... |