BID:58552

Ruby on Rails 'sanitize_css()' Method CVE-2013-1855 Cross Site Scripting Vulnerability

Info

Ruby on Rails 'sanitize_css()' Method CVE-2013-1855 Cross Site Scripting Vulnerability

Bugtraq ID:	58552
Class:	Input Validation Error
CVE:	CVE-2013-1855
Remote:	Yes
Local:	No
Published:	Mar 18 2013 12:00AM
Updated:	Apr 13 2015 10:25PM
Credit:	Charlie Somerville
Vulnerable:	Ruby on Rails Ruby on Rails 3.2.12 Ruby on Rails Ruby on Rails 3.2.11 Ruby on Rails Ruby on Rails 3.2.10 Ruby on Rails Ruby on Rails 3.2.8 Ruby on Rails Ruby on Rails 3.2.7 Ruby on Rails Ruby on Rails 3.2.6 Ruby on Rails Ruby on Rails 3.2.4 Ruby on Rails Ruby on Rails 3.2.2 Ruby on Rails Ruby on Rails 3.1.11 Ruby on Rails Ruby on Rails 3.1.9 Ruby on Rails Ruby on Rails 3.1.8 Ruby on Rails Ruby on Rails 3.1.7 Ruby on Rails Ruby on Rails 3.1.6 Ruby on Rails Ruby on Rails 3.1.5 Ruby on Rails Ruby on Rails 3.1.4 Ruby on Rails Ruby on Rails 3.1.2 Ruby on Rails Ruby on Rails 3.1 Ruby on Rails Ruby on Rails 2.3.17 Ruby on Rails Ruby on Rails 2.3.16 Ruby on Rails Ruby on Rails 2.3.15 Ruby on Rails Ruby on Rails 2.3.11 Ruby on Rails Ruby on Rails 2.3.10 Ruby on Rails Ruby on Rails 2.3.9 Ruby on Rails Ruby on Rails 2.3.5 Ruby on Rails Ruby on Rails 2.3.4 Ruby on Rails Ruby on Rails 2.3.3 Ruby on Rails Ruby on Rails 2.3.2 Ruby on Rails Ruby on Rails 3.2 Ruby on Rails Ruby on Rails 3.1.0.rc6 Ruby on Rails Ruby on Rails 3.1.0.rc5 Ruby on Rails Ruby on Rails 2.3.14 Ruby on Rails Ruby on Rails 2.3.13 Ruby on Rails Ruby on Rails 2.3.12 Redhat OpenShift Enterprise 1.1.3 IBM Security Network Protection XGS 5000 5.0 Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Apple Mac OS X Server 10.7.5 Apple Mac OS X Server 2.2.2 Apple Mac OS X Server 2.2.1 Apple Mac OS X Server 2.1.1 Apple Mac OS X Server 2.1 Apple Mac OS X Server 2.0 Apple Mac OS X Server 10.7.4 Apple Mac OS X Server 10.7.3 Apple Mac OS X Server 10.7.1 Apple Mac OS X Server 10.7 Apple Mac OS X Server 10.6.8 Apple Mac OS X 10.8.2 Apple Mac OS X 10.8.1 Apple Mac OS X 10.7.5 Apple Mac OS X 10.8.3 Apple Mac OS X 10.8 Apple Mac OS X 10.7.4 Apple Mac OS X 10.7.3 Apple Mac OS X 10.7.2 Apple Mac OS X 10.7.1 Apple Mac OS X 10.7 Apple Mac OS X 10.6.8

Not Vulnerable:	Ruby on Rails Ruby on Rails 3.2.13 Ruby on Rails Ruby on Rails 3.1.12 Ruby on Rails Ruby on Rails 2.3.18 IBM Security Network Protection XGS 5000 5.1 Apple Mac OS X Server 3.0 Apple Mac OS X 10.8.4

Discussion

Ruby on Rails 'sanitize_css()' Method CVE-2013-1855 Cross Site Scripting Vulnerability

Ruby on Rails is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The vulnerability is fixed in the following versions:

Ruby on Rails 2.3.18, 3.1.12, and 3.2.13.

Exploit / POC

Ruby on Rails 'sanitize_css()' Method CVE-2013-1855 Cross Site Scripting Vulnerability

To exploit this issue an attacker must entice an unsuspecting victim to follow a malicious URI.

Solution / Fix

Ruby on Rails 'sanitize_css()' Method CVE-2013-1855 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple Mac OS X 10.8

Apple OSXUpdCombo10.8.4.dmg
For OS X Mountain Lion v10.8 and v10.8.2
http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.8

Apple SecUpdSrvr2013-002.dmg
For Mac OS X Server v10.6.8
http://www.apple.com/support/downloads/

Apple Mac OS X 10.8.3

Apple OSXUpd10.8.4.dmg
For OS X Mountain Lion v10.8.3
http://www.apple.com/support/downloads/

Apple Mac OS X 10.7.5

Apple SecUpd2013-002.dmg
For OS X Lion v10.7.5
http://www.apple.com/support/downloads/

Apple SecUpdSrvr2013-002.dmg
For OS X Lion Server v10.7.5
http://www.apple.com/support/downloads/

Apple Mac OS X 10.8.2

Apple OSXUpdCombo10.8.4.dmg
For OS X Mountain Lion v10.8 and v10.8.2
http://www.apple.com/support/downloads/

References

Ruby on Rails 'sanitize_css()' Method CVE-2013-1855 Cross Site Scripting Vulnerability

References:

[CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack (SecLists.Org)
Ruby on Rails Home Page (Ruby on Rails)
About the security content of OS X Mountain Lion v10.8.4 and Security Update 201 (Apple)
Moderate: rubygem-actionpack and ruby193-rubygem-actionpack security update (Red Hat)
Security Bulletin: IBM Security Network Protection can be affected by Cross-Site (IBM)