CVE Database

CVE-2012-5664

Impact: Moderate
Public: 2012-12-21
Bugzilla: 889649: CVE-2012-6496 rubygem-activerecord: find_by_* SQL Injection

Details

The MITRE CVE dictionary describes this issue as:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6496, CVE-2012-6497. Reason: this candidate was intended for one issue, but the candidate was publicly used to label concerns about multiple products. Notes: All CVE users should consult CVE-2012-6496 and CVE-2012-6497 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Find out more about CVE-2012-5664 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: 6.4
Base Metrics: AV:N/AC:L/Au:N/C:N/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date

External References

http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.