CVE-2014-8080

Published: Nov 3, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

Affected (31)

Products: Opensuse: Opensuse · Canonical: Ubuntu Linux · Ruby Lang: Ruby · +1 more

Show all products

Opensuse: Opensuse · Canonical: Ubuntu Linux · Ruby Lang: Ruby · Redhat: Enterprise Linux

1 product

1 product

1 product

1 product

Enterprise Linux

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Configuration C

24 vulnerable

Vulnerable Software	Affected Versions
Ruby Lang Ruby	Up to 1.9.3
Ruby Lang Ruby	Version 1.9.3
Ruby Lang Ruby	Version 1.9.3 p0
Ruby Lang Ruby	Version 1.9.3 p125
Ruby Lang Ruby	Version 1.9.3 p194
Ruby Lang Ruby	Version 1.9.3 p286
Ruby Lang Ruby	Version 1.9.3 p383
Ruby Lang Ruby	Version 1.9.3 p385
Ruby Lang Ruby	Version 1.9.3 p392
Ruby Lang Ruby	Version 1.9.3 p426
Ruby Lang Ruby	Version 1.9.3 p429
Ruby Lang Ruby	Version 1.9.3 p448
Ruby Lang Ruby	Version 1.9.3 p545
Ruby Lang Ruby	Version 1.9.3 p547
Ruby Lang Ruby	Version 2.0.0
Ruby Lang Ruby	Version 2.0.0 p0
Ruby Lang Ruby	Version 2.0.0 p195
Ruby Lang Ruby	Version 2.0.0 p247
Ruby Lang Ruby	Version 2.0.0 p451
Ruby Lang Ruby	Version 2.0.0 p481
Ruby Lang Ruby	Version 2.0.0 p576
Ruby Lang Ruby	Version 2.1.1
Ruby Lang Ruby	Version 2.1.2
Ruby Lang Ruby	Version 2.1.3

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0

References (40)

http://advisories.mageia.org/MGASA-2014-0443.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-1911.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-1912.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-1913.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-1914.html

Source: cve@mitre.org

http://secunia.com/advisories/61607

Source: cve@mitre.org

http://secunia.com/advisories/62050

Source: cve@mitre.org

http://secunia.com/advisories/62748

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3157

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3159

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2015:129

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/70935

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2397-1

Source: cve@mitre.org

https://support.apple.com/HT205267

Source: cve@mitre.org

https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/

Source: cve@mitre.org

ExploitVendor Advisory

http://advisories.mageia.org/MGASA-2014-0443.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1911.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1912.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1913.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1914.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61607

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62050

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62748

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3157

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3159

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:129

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/70935

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2397-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/HT205267

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.