CVE-2014-8080

CVSS v2.0 5 (Medium)
EPSS 9.84 % (95th)
Affected Products 4
Advisories 11

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

Weaknesses
CWE-NVD-Other
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2014-11-03 16:55:07
(10 years ago)
Updated Date
2018-10-30 16:27:34
(5 years ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Opensuse 12.3 cpe:2.3:o:opensuse:opensuse:12.3
  Opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 Lts Edition cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
  Canonical Ubuntu Linux 14.10 cpe:2.3:o:canonical:ubuntu_linux:14.10

Configuration #3

    CPE23 From Up To
  Ruby-lang Ruby P550 1.9.3 and prior versions cpe:2.3:a:ruby-lang:ruby::p550 <= 1.9.3
  Ruby-lang Ruby 1.9.3 cpe:2.3:a:ruby-lang:ruby:1.9.3
  Ruby-lang Ruby 1.9.3 P0 cpe:2.3:a:ruby-lang:ruby:1.9.3:p0
  Ruby-lang Ruby 1.9.3 P125 cpe:2.3:a:ruby-lang:ruby:1.9.3:p125
  Ruby-lang Ruby 1.9.3 P194 cpe:2.3:a:ruby-lang:ruby:1.9.3:p194
  Ruby-lang Ruby 1.9.3 P286 cpe:2.3:a:ruby-lang:ruby:1.9.3:p286
  Ruby-lang Ruby 1.9.3 P383 cpe:2.3:a:ruby-lang:ruby:1.9.3:p383
  Ruby-lang Ruby 1.9.3 P385 cpe:2.3:a:ruby-lang:ruby:1.9.3:p385
  Ruby-lang Ruby 1.9.3 P392 cpe:2.3:a:ruby-lang:ruby:1.9.3:p392
  Ruby-lang Ruby 1.9.3 P426 cpe:2.3:a:ruby-lang:ruby:1.9.3:p426
  Ruby-lang Ruby 1.9.3 P429 cpe:2.3:a:ruby-lang:ruby:1.9.3:p429
  Ruby-lang Ruby 1.9.3 P448 cpe:2.3:a:ruby-lang:ruby:1.9.3:p448
  Ruby-lang Ruby 1.9.3 P545 cpe:2.3:a:ruby-lang:ruby:1.9.3:p545
  Ruby-lang Ruby 1.9.3 P547 cpe:2.3:a:ruby-lang:ruby:1.9.3:p547
  Ruby-lang Ruby 2.0.0 cpe:2.3:a:ruby-lang:ruby:2.0.0
  Ruby-lang Ruby 2.0.0 P0 cpe:2.3:a:ruby-lang:ruby:2.0.0:p0
  Ruby-lang Ruby 2.0.0 P195 cpe:2.3:a:ruby-lang:ruby:2.0.0:p195
  Ruby-lang Ruby 2.0.0 P247 cpe:2.3:a:ruby-lang:ruby:2.0.0:p247
  Ruby-lang Ruby 2.0.0 P451 cpe:2.3:a:ruby-lang:ruby:2.0.0:p451
  Ruby-lang Ruby 2.0.0 P481 cpe:2.3:a:ruby-lang:ruby:2.0.0:p481
  Ruby-lang Ruby 2.0.0 P576 cpe:2.3:a:ruby-lang:ruby:2.0.0:p576
  Ruby-lang Ruby 2.1.1 cpe:2.3:a:ruby-lang:ruby:2.1.1
  Ruby-lang Ruby 2.1.2 cpe:2.3:a:ruby-lang:ruby:2.1.2
  Ruby-lang Ruby 2.1.3 cpe:2.3:a:ruby-lang:ruby:2.1.3

Configuration #4

    CPE23 From Up To
  Redhat Enterprise Linux 6.0 cpe:2.3:o:redhat:enterprise_linux:6.0
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0