CVE-2013-0284 : Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which al

Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.

Published 2013-04-09 20:55:02

Updated 2013-04-10 04:00:00

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2013-0284

Probability of exploitation activity in the next 30 days: 0.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 56 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-0284

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-0284

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-0284

http://seclists.org/oss-sec/2013/q1/304

oss-sec: Some rubygems related CVEs

CVEs referencing this url
https://newrelic.com/docs/ruby/ruby-agent-security-notification

APM agent security: Ruby | New Relic Documentation
Vendor Advisory

Products affected by CVE-2013-0284

Newrelic » Ruby Agent » Version: 3.3.5
cpe:2.3:a:newrelic:ruby_agent:3.3.5:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.4.0
cpe:2.3:a:newrelic:ruby_agent:3.4.0:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.4.0.1
cpe:2.3:a:newrelic:ruby_agent:3.4.0.1:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.4.1
cpe:2.3:a:newrelic:ruby_agent:3.4.1:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.2.0
cpe:2.3:a:newrelic:ruby_agent:3.2.0:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.3.0
cpe:2.3:a:newrelic:ruby_agent:3.3.0:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.3.1
cpe:2.3:a:newrelic:ruby_agent:3.3.1:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.3.2
cpe:2.3:a:newrelic:ruby_agent:3.3.2:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.5.1.14
cpe:2.3:a:newrelic:ruby_agent:3.5.1.14:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.5.1
cpe:2.3:a:newrelic:ruby_agent:3.5.1:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.5.2
cpe:2.3:a:newrelic:ruby_agent:3.5.2:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.3.2.1
cpe:2.3:a:newrelic:ruby_agent:3.3.2.1:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.3.4
cpe:2.3:a:newrelic:ruby_agent:3.3.4:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.4.2.1
cpe:2.3:a:newrelic:ruby_agent:3.4.2.1:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.5.0.1
cpe:2.3:a:newrelic:ruby_agent:3.5.0.1:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.3.3
cpe:2.3:a:newrelic:ruby_agent:3.3.3:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.3.4.1
cpe:2.3:a:newrelic:ruby_agent:3.3.4.1:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.4.2
cpe:2.3:a:newrelic:ruby_agent:3.4.2:*:*:*:*:*:*:*
Matching versions
Newrelic » Ruby Agent » Version: 3.5.0
cpe:2.3:a:newrelic:ruby_agent:3.5.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-0284

Exploit prediction scoring system (EPSS) score for CVE-2013-0284

CVSS scores for CVE-2013-0284

CWE ids for CVE-2013-0284

References for CVE-2013-0284

Products affected by CVE-2013-0284