Vulnerability Description
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Newrelic | Ruby Agent | 3.2.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2013/q1/304
- https://newrelic.com/docs/ruby/ruby-agent-security-notificationVendor Advisory
- http://seclists.org/oss-sec/2013/q1/304
- https://newrelic.com/docs/ruby/ruby-agent-security-notificationVendor Advisory
FAQ
What is CVE-2013-0284?
CVE-2013-0284 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and ...
How severe is CVE-2013-0284?
CVE-2013-0284 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0284?
Check the references section above for vendor advisories and patch information. Affected products include: Newrelic Ruby Agent.