Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-0082 (GCVE-0-2014-0082)
Vulnerability from cvelistv5
Published
2014-02-20 11:00
Modified
2024-08-06 09:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:37.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"name": "RHSA-2014:0215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name": "57836",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57836"
},
{
"name": "RHSA-2014:0306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2014-0082"
},
{
"name": "openSUSE-SU-2014:0295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"name": "57376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57376"
},
{
"name": "[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-08T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"name": "RHSA-2014:0215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name": "57836",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57836"
},
{
"name": "RHSA-2014:0306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/cve-2014-0082"
},
{
"name": "openSUSE-SU-2014:0295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"name": "57376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57376"
},
{
"name": "[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"name": "RHSA-2014:0215",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name": "57836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57836"
},
{
"name": "RHSA-2014:0306",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"name": "https://puppet.com/security/cve/cve-2014-0082",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2014-0082"
},
{
"name": "openSUSE-SU-2014:0295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"name": "57376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57376"
},
{
"name": "[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0082",
"datePublished": "2014-02-20T11:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:37.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-0082\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-02-20T15:27:09.170\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.\"},{\"lang\":\"es\",\"value\":\"actionpack/lib/action_view/template/text.rb en Action View en Ruby on Rails 3.x anterior a 3.2.17 convierte cadenas tipo MIME a s\u00edmbolos durante el uso de la opci\u00f3n :text al m\u00e9todo render, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) mediante la inclusi\u00f3n de estas cadenas en cabeceras.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3BE7DFE-BA20-434B-A1DE-AD038B255C60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCEE5B21-C990-4705-8239-0D7B29DAEDA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"65EE33B1-B079-4CDE-B9C2-F1613A4610DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CAAA20B-824F-4448-99DC-9712FE628073\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BEBDFB-0F30-454A-B74C-F820C9D2708B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D7CD8C1-95D1-477E-AD96-6582EC33BA01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6F00D98-3D0F-40AF-AE4F-090B1E6B660C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9476CE55-69C0-45D3-B723-6F459C90BF05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*\",\"matchCriteriaId\":\"486F5BA6-BCF7-4691-9754-19D364B4438D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"112FC73B-A8BC-4EEA-9F4B-CCE685EF2838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4498383-6FCA-4E17-A1FD-B0CE7EE50F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26565B1-2BA6-4A3C-9264-7FC9A1820B59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"392E2D58-CB39-4832-B4D9-9C2E23B8E14C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F2466EA-7039-46A1-B4A3-8DACD1953A59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CAB4E72-0A15-4B26-9B69-074C278568D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A085E105-9375-440A-80CB-9B23E6D7EB4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"25911E48-C5D7-4ED8-B4DB-7523A74CCF49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE6EC1E5-3A4A-4751-9F77-28EF5AF681E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B29674E3-CC80-446B-9A43-82594AE7A058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF34D8CB-2B6D-4CB8-A206-108293BCFFE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E5187F6-E3AC-4E0D-B1D0-83DE76C20A4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"272268EE-E3E8-4683-B679-55D748877A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B69FD33-61FE-4F10-BBE1-215F59035D30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"08D7CB5D-82EF-4A24-A792-938FAB40863D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A044B21-47D5-468D-AF4A-06B3B5CC0824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2196F3D0-532A-40F9-843A-1DFBC8B63FDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBEDA932-6CB5-438C-94E4-824732A91BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"903E5524-5E45-48CE-A804-EDAEBE3A79AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"08534AF2-F94E-4FB6-A572-4FB9827276D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"29E3B4A6-1346-4358-B7BC-84D00ED3ABBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B52D7A6B-DD93-45F0-9186-18ABEFF28DF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F07C641-48DF-43BE-9EB5-72B337C54846\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1CB1B12-99F5-430F-AE19-9A95C17FA123\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1A7C449-8F9A-4CE5-9C3D-375996BFAEE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05D5D58C-DB79-41EA-81AE-5D95C48211B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE331D6D-99BA-4369-AD8B-B556DEE4955F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58304E17-ADFD-4686-9CCF-C1CA31843B94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"05108EF0-81AD-4378-9843-5C23F2AC79A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EE7DA7E-23A5-42AF-9D5C-39240CE2FBDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C448F62-8231-4221-ADA0-C9B848AE03D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FBD11A1-51C7-4AF7-AA0B-3A14C5435E70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60255706-C44A-48CB-B98B-A1F0991CBC74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0456E2E8-EF06-414E-8A7D-8005F0EB46B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9EE4763-2495-4B6A-B72F-344967E51C27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB51F3E9-4899-49A9-9E7B-0DCA92A91DD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F884F2F4-94F3-46CB-860B-1BCC0EEF408A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"88DFBB48-1C29-4639-9369-F5B413CA2337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D37696D7-BEE6-4587-9E33-A7FE24780409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E95B5D44-0C8D-47BC-A89D-48A5BDEB84F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DFDAF6A-76AA-436F-A4F3-DA69892DE2B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3172982-3FA4-427F-BE3E-2321D804E49D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD6EC85B-F092-48FF-966A-96B9227C8656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"9000F3C1-57A0-474C-9C82-E58688F29838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E55E42E-AB6A-4E47-AC69-DFDAEB0A8735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A42F4E7A-6F6A-485C-8D30-95F3B0285922\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"30B9C0CB-F6E6-4233-84E4-D6E69104DD73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"84309CC7-A8B7-4ADB-AEA1-964DA5F7B0E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5343241F-274D-45FF-97C7-2BC2E920BAF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FED122B8-AF4C-4C48-B1E5-54F4A7A31A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"157ACCAD-0FB8-4CC9-9DFB-70835DE6506C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E50ACF6-7277-4C9A-B42A-E7EFDC317691\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C191DC2B-1EC3-48E0-A586-867E6EE4431C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA51263-6680-42C6-B119-8241D6F76206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4BC41E8-FEDA-4C31-B479-D49A59FC4D63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09C20971-53B5-43B0-AC45-5AA0FDF1B054\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1AEFA5D-A793-4BAB-8DED-3D3A31260AD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"496902D6-409A-40D9-849F-C41264BE5B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2482AB3F-8303-4F95-BE04-C5F06EEF2015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"244C6952-377C-4AF0-8BA2-C34516A3EB5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98A79CC5-71EC-4E90-9E99-2DF62ABC0122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6562F3C3-D794-4107-95D4-1C0B0486940B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2816C02C-E13E-4367-91F3-14756A90EC9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82AF7C7-B725-40EF-8EE3-18F8E7FAEB29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AE674DE-65DB-437E-A034-A2EE5C584B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0524F3E3-BAD7-4CD3-A6E7-74CFBE4B46E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32EB2C3F-0F24-43DB-988E-BD2973598F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB32713D-FE64-445E-872E-B4678C243AB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C55E6B4A-2B9C-46C8-A739-109EA4BA7FD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"89C618DC-38BC-4484-8C41-BC38B7EB636B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1EF01A-F358-45D3-ADA2-51DD1D8CB6E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC2616BD-A4E8-42F3-BB5A-7517DC4EDA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E376782-98B0-4766-B6FC-67E032A00C62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96D08DC1-14E9-4DB9-BC95-3F73B454FBC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F365C9E5-27DC-46C3-AFE4-4876EC7B352B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F0016A6-0ED6-443D-B969-CB1226D8E28C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E69470EA-5EBC-4FB9-A722-5B61C70C1140\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B13A8EBB-4211-4AB1-8872-244EEEE20ABD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9AB2152-DED8-4CFD-B915-94A9F56FDD05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C630AB60-DBAF-421E-B663-492BAE8A180F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F41CCF8-14EB-4327-A675-83BFDBB53196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75842F7D-B1B1-48BA-858F-01148867B3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE65D701-AA6E-48E4-B62B-C22DEE863503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B1E475-C873-4561-9348-027721C08D79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0406FF0-30F5-40E2-B9B8-FE465D923DE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6646610D-279B-4AEC-B445-981E7784EE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2.16\",\"matchCriteriaId\":\"005A14B0-1621-4A0C-A990-2B8B59C199B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"224BD488-0D7E-4F8B-9012-DE872DEB544C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A325F57E-0055-4279-9ED7-A26E75FC38E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A3BA4AE-B4F0-4204-AFA1-1016F0A6F7AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"991F368C-CEB5-4DE6-A7EE-C341F358A4CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"01DB164E-E08E-4649-84BD-15B4159A3AA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F7ECFB-86A1-4F00-AD47-971FA23C6D21\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://openwall.com/lists/oss-security/2014/02/18/10\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0215.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0306.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57376\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57836\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://puppet.com/security/cve/cve-2014-0082\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openwall.com/lists/oss-security/2014/02/18/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0215.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0306.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://puppet.com/security/cve/cve-2014-0082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2014_0306
Vulnerability from csaf_redhat
Published
2014-03-17 17:31
Modified
2024-11-14 14:27
Summary
Red Hat Security Advisory: ruby193-rubygem-actionpack security update
Notes
Topic
Updated ruby193-rubygem-actionpack packages that fix two security issues
are now available for Red Hat Software Collections 1.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the
view components.
It was found that several number conversion helpers in Action View did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user as parameters to the affected helpers.
(CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted queries that would result in
the creation of Ruby symbols that were never garbage collected.
(CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting these
issues. Upstream acknowledges Kevin Reintjes as the original reporter of
CVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of
CVE-2014-0082.
All ruby193-rubygem-actionpack users are advised to upgrade to these
updated packages, which contain backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ruby193-rubygem-actionpack packages that fix two security issues\nare now available for Red Hat Software Collections 1.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ruby on Rails is a model-view-controller (MVC) framework for web\napplication development. Action Pack implements the controller and the\nview components.\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers.\n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected.\n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting these\nissues. Upstream acknowledges Kevin Reintjes as the original reporter of\nCVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of\nCVE-2014-0082.\n\nAll ruby193-rubygem-actionpack users are advised to upgrade to these\nupdated packages, which contain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0306",
"url": "https://access.redhat.com/errata/RHSA-2014:0306"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0306.json"
}
],
"title": "Red Hat Security Advisory: ruby193-rubygem-actionpack security update",
"tracking": {
"current_release_date": "2024-11-14T14:27:01+00:00",
"generator": {
"date": "2024-11-14T14:27:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2014:0306",
"initial_release_date": "2014-03-17T17:31:50+00:00",
"revision_history": [
{
"date": "2014-03-17T17:31:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-03-17T17:31:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T14:27:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack-doc@3.2.8-5.3.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-5.3.el6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-5.3.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Kevin Reintjes"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0081",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065520"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0081"
},
{
"category": "external",
"summary": "RHBZ#1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0081",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-17T17:31:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0306"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Toby Hsieh"
],
"organization": "SlideShare",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0082",
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065538"
}
],
"notes": [
{
"category": "description",
"text": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Action View string handling denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0082"
},
{
"category": "external",
"summary": "RHBZ#1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-17T17:31:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0306"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Action View string handling denial of service"
}
]
}
RHSA-2014:0215
Vulnerability from csaf_redhat
Published
2014-03-11 16:56
Modified
2025-11-08 03:37
Summary
Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Notes
Topic
Updated cfme packages that fix multiple security issues, several bugs, and
add various enhancements are now available for Red Hat CloudForms 3.0.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and
automation enterprises need to address the challenges of managing virtual
environments, which are far more complex than physical ones. This
technology enables enterprises with existing virtual infrastructures
to improve visibility and control, and those just starting virtualization
deployments to build and operate a well-managed virtual infrastructure.
A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
application. (CVE-2013-4164)
It was found that Red Hat CloudForms Management Engine did not properly
sanitize user-supplied values in the ServiceController. A remote attacker
could invoke arbitrary method calls in the application controller that, due
to a lack of sanitization, could allow access to private methods that could
possibly allow the attacker to execute arbitrary code on the host system.
(CVE-2014-0057)
It was found that several number conversion helpers in Action View did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user as parameters to the affected helpers.
(CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted queries that would result in
the creation of Ruby symbols that were never garbage collected.
(CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting
CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as
the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the
original reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered
by Jan Rusnacko of the Red Hat Product Security Team.
This update fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the Red Hat
CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the
References section.
All users of Red Hat CloudForms are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and add
these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated cfme packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat CloudForms 3.0.\n\nThe Red Hat Security Response Team has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation enterprises need to address the challenges of managing virtual\nenvironments, which are far more complex than physical ones. This\ntechnology enables enterprises with existing virtual infrastructures\nto improve visibility and control, and those just starting virtualization\ndeployments to build and operate a well-managed virtual infrastructure.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\nsanitize user-supplied values in the ServiceController. A remote attacker\ncould invoke arbitrary method calls in the application controller that, due\nto a lack of sanitization, could allow access to private methods that could\npossibly allow the attacker to execute arbitrary code on the host system.\n(CVE-2014-0057)\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers.\n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected.\n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting\nCVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as\nthe original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the\noriginal reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered\nby Jan Rusnacko of the Red Hat Product Security Team.\n\nThis update fixes several bugs and adds multiple enhancements.\nDocumentation for these changes will be available shortly from the Red Hat\nCloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the\nReferences section.\n\nAll users of Red Hat CloudForms are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and add\nthese enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0215",
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html"
},
{
"category": "external",
"summary": "1033460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"category": "external",
"summary": "1064140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"category": "external",
"summary": "1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0215.json"
}
],
"title": "Red Hat Security Advisory: cfme security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-08T03:37:57+00:00",
"generator": {
"date": "2025-11-08T03:37:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2014:0215",
"initial_release_date": "2014-03-11T16:56:48+00:00",
"revision_history": [
{
"date": "2014-03-11T16:56:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-03-11T16:56:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-08T03:37:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Management Engine",
"product": {
"name": "Management Engine",
"product_id": "6Server-CFME",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat CloudForms"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.2.2.3-1.el6cf.src",
"product": {
"name": "cfme-0:5.2.2.3-1.el6cf.src",
"product_id": "cfme-0:5.2.2.3-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product": {
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product_id": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri-debuginfo@1.5.6-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-libs@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-devel@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-tcltk@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-debuginfo@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product": {
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product_id": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-io-console@0.3-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product": {
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product_id": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bigdecimal@1.1.0-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-lib@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-debuginfo@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-cfme-host@5.2.2.3-1.el6cf?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product_id": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny-doc@1.0.7-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product_id": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol-doc@1.9.2-3.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product": {
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product_id": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygems-devel@1.8.23-40.1.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product": {
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product_id": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygems@1.8.23-40.1.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product": {
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product_id": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-irb@1.9.3.448-40.1.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.2.2.3-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src"
},
"product_reference": "cfme-0:5.2.2.3-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src"
},
"product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch"
},
"product_reference": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src"
},
"product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64"
},
"product_reference": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64"
},
"product_reference": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src"
},
"product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64"
},
"product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64"
},
"product_reference": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch"
},
"product_reference": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
},
"product_reference": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"David Jorm"
],
"organization": "Red Hat Security Response Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-0186",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "895346"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EVM: Stored XSS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0186"
},
{
"category": "external",
"summary": "RHBZ#895346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895346"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0186",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186"
}
],
"release_date": "2014-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EVM: Stored XSS"
},
{
"cve": "CVE-2013-4164",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2013-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1033460"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: heap overflow in floating point parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4164"
},
{
"category": "external",
"summary": "RHBZ#1033460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4164",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164"
}
],
"release_date": "2013-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "ruby: heap overflow in floating point parsing"
},
{
"acknowledgments": [
{
"names": [
"Jan Rusnacko"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0057",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2014-02-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1064140"
}
],
"notes": [
{
"category": "description",
"text": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CFME: Dangerous send in ServiceController",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0057"
},
{
"category": "external",
"summary": "RHBZ#1064140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0057"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057"
}
],
"release_date": "2014-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CFME: Dangerous send in ServiceController"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Kevin Reintjes"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0081",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065520"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0081"
},
{
"category": "external",
"summary": "RHBZ#1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0081",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Toby Hsieh"
],
"organization": "SlideShare",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0082",
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065538"
}
],
"notes": [
{
"category": "description",
"text": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Action View string handling denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0082"
},
{
"category": "external",
"summary": "RHBZ#1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Action View string handling denial of service"
}
]
}
rhsa-2014_0215
Vulnerability from csaf_redhat
Published
2014-03-11 16:56
Modified
2024-11-22 07:31
Summary
Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Notes
Topic
Updated cfme packages that fix multiple security issues, several bugs, and
add various enhancements are now available for Red Hat CloudForms 3.0.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and
automation enterprises need to address the challenges of managing virtual
environments, which are far more complex than physical ones. This
technology enables enterprises with existing virtual infrastructures
to improve visibility and control, and those just starting virtualization
deployments to build and operate a well-managed virtual infrastructure.
A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
application. (CVE-2013-4164)
It was found that Red Hat CloudForms Management Engine did not properly
sanitize user-supplied values in the ServiceController. A remote attacker
could invoke arbitrary method calls in the application controller that, due
to a lack of sanitization, could allow access to private methods that could
possibly allow the attacker to execute arbitrary code on the host system.
(CVE-2014-0057)
It was found that several number conversion helpers in Action View did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user as parameters to the affected helpers.
(CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted queries that would result in
the creation of Ruby symbols that were never garbage collected.
(CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting
CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as
the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the
original reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered
by Jan Rusnacko of the Red Hat Product Security Team.
This update fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the Red Hat
CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the
References section.
All users of Red Hat CloudForms are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and add
these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated cfme packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat CloudForms 3.0.\n\nThe Red Hat Security Response Team has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation enterprises need to address the challenges of managing virtual\nenvironments, which are far more complex than physical ones. This\ntechnology enables enterprises with existing virtual infrastructures\nto improve visibility and control, and those just starting virtualization\ndeployments to build and operate a well-managed virtual infrastructure.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\nsanitize user-supplied values in the ServiceController. A remote attacker\ncould invoke arbitrary method calls in the application controller that, due\nto a lack of sanitization, could allow access to private methods that could\npossibly allow the attacker to execute arbitrary code on the host system.\n(CVE-2014-0057)\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers.\n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected.\n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting\nCVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as\nthe original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the\noriginal reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered\nby Jan Rusnacko of the Red Hat Product Security Team.\n\nThis update fixes several bugs and adds multiple enhancements.\nDocumentation for these changes will be available shortly from the Red Hat\nCloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the\nReferences section.\n\nAll users of Red Hat CloudForms are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and add\nthese enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0215",
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html"
},
{
"category": "external",
"summary": "1033460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"category": "external",
"summary": "1064140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"category": "external",
"summary": "1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0215.json"
}
],
"title": "Red Hat Security Advisory: cfme security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T07:31:55+00:00",
"generator": {
"date": "2024-11-22T07:31:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:0215",
"initial_release_date": "2014-03-11T16:56:48+00:00",
"revision_history": [
{
"date": "2014-03-11T16:56:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-03-11T16:56:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T07:31:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Management Engine",
"product": {
"name": "Management Engine",
"product_id": "6Server-CFME",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat CloudForms"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.2.2.3-1.el6cf.src",
"product": {
"name": "cfme-0:5.2.2.3-1.el6cf.src",
"product_id": "cfme-0:5.2.2.3-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product": {
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product_id": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri-debuginfo@1.5.6-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-libs@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-devel@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-tcltk@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-debuginfo@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product": {
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product_id": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-io-console@0.3-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product": {
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product_id": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bigdecimal@1.1.0-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-lib@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-debuginfo@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-cfme-host@5.2.2.3-1.el6cf?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product_id": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny-doc@1.0.7-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product_id": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol-doc@1.9.2-3.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product": {
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product_id": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygems-devel@1.8.23-40.1.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product": {
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product_id": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygems@1.8.23-40.1.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product": {
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product_id": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-irb@1.9.3.448-40.1.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.2.2.3-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src"
},
"product_reference": "cfme-0:5.2.2.3-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src"
},
"product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch"
},
"product_reference": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src"
},
"product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64"
},
"product_reference": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64"
},
"product_reference": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src"
},
"product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64"
},
"product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64"
},
"product_reference": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch"
},
"product_reference": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
},
"product_reference": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"David Jorm"
],
"organization": "Red Hat Security Response Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-0186",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "895346"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EVM: Stored XSS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0186"
},
{
"category": "external",
"summary": "RHBZ#895346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895346"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0186",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186"
}
],
"release_date": "2014-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EVM: Stored XSS"
},
{
"cve": "CVE-2013-4164",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2013-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1033460"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: heap overflow in floating point parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4164"
},
{
"category": "external",
"summary": "RHBZ#1033460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4164",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164"
}
],
"release_date": "2013-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "ruby: heap overflow in floating point parsing"
},
{
"acknowledgments": [
{
"names": [
"Jan Rusnacko"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0057",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2014-02-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1064140"
}
],
"notes": [
{
"category": "description",
"text": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CFME: Dangerous send in ServiceController",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0057"
},
{
"category": "external",
"summary": "RHBZ#1064140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0057"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057"
}
],
"release_date": "2014-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CFME: Dangerous send in ServiceController"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Kevin Reintjes"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0081",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065520"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0081"
},
{
"category": "external",
"summary": "RHBZ#1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0081",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Toby Hsieh"
],
"organization": "SlideShare",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0082",
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065538"
}
],
"notes": [
{
"category": "description",
"text": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Action View string handling denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0082"
},
{
"category": "external",
"summary": "RHBZ#1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Action View string handling denial of service"
}
]
}
rhsa-2014:0306
Vulnerability from csaf_redhat
Published
2014-03-17 17:31
Modified
2025-11-08 03:42
Summary
Red Hat Security Advisory: ruby193-rubygem-actionpack security update
Notes
Topic
Updated ruby193-rubygem-actionpack packages that fix two security issues
are now available for Red Hat Software Collections 1.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the
view components.
It was found that several number conversion helpers in Action View did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user as parameters to the affected helpers.
(CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted queries that would result in
the creation of Ruby symbols that were never garbage collected.
(CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting these
issues. Upstream acknowledges Kevin Reintjes as the original reporter of
CVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of
CVE-2014-0082.
All ruby193-rubygem-actionpack users are advised to upgrade to these
updated packages, which contain backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ruby193-rubygem-actionpack packages that fix two security issues\nare now available for Red Hat Software Collections 1.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ruby on Rails is a model-view-controller (MVC) framework for web\napplication development. Action Pack implements the controller and the\nview components.\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers.\n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected.\n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting these\nissues. Upstream acknowledges Kevin Reintjes as the original reporter of\nCVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of\nCVE-2014-0082.\n\nAll ruby193-rubygem-actionpack users are advised to upgrade to these\nupdated packages, which contain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0306",
"url": "https://access.redhat.com/errata/RHSA-2014:0306"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0306.json"
}
],
"title": "Red Hat Security Advisory: ruby193-rubygem-actionpack security update",
"tracking": {
"current_release_date": "2025-11-08T03:42:35+00:00",
"generator": {
"date": "2025-11-08T03:42:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2014:0306",
"initial_release_date": "2014-03-17T17:31:50+00:00",
"revision_history": [
{
"date": "2014-03-17T17:31:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-03-17T17:31:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-08T03:42:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack-doc@3.2.8-5.3.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-5.3.el6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-5.3.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Kevin Reintjes"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0081",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065520"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0081"
},
{
"category": "external",
"summary": "RHBZ#1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0081",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-17T17:31:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0306"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Toby Hsieh"
],
"organization": "SlideShare",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0082",
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065538"
}
],
"notes": [
{
"category": "description",
"text": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Action View string handling denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0082"
},
{
"category": "external",
"summary": "RHBZ#1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-17T17:31:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0306"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Action View string handling denial of service"
}
]
}
rhsa-2014:0215
Vulnerability from csaf_redhat
Published
2014-03-11 16:56
Modified
2025-11-08 03:37
Summary
Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Notes
Topic
Updated cfme packages that fix multiple security issues, several bugs, and
add various enhancements are now available for Red Hat CloudForms 3.0.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and
automation enterprises need to address the challenges of managing virtual
environments, which are far more complex than physical ones. This
technology enables enterprises with existing virtual infrastructures
to improve visibility and control, and those just starting virtualization
deployments to build and operate a well-managed virtual infrastructure.
A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
application. (CVE-2013-4164)
It was found that Red Hat CloudForms Management Engine did not properly
sanitize user-supplied values in the ServiceController. A remote attacker
could invoke arbitrary method calls in the application controller that, due
to a lack of sanitization, could allow access to private methods that could
possibly allow the attacker to execute arbitrary code on the host system.
(CVE-2014-0057)
It was found that several number conversion helpers in Action View did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user as parameters to the affected helpers.
(CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted queries that would result in
the creation of Ruby symbols that were never garbage collected.
(CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting
CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as
the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the
original reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered
by Jan Rusnacko of the Red Hat Product Security Team.
This update fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the Red Hat
CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the
References section.
All users of Red Hat CloudForms are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and add
these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated cfme packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat CloudForms 3.0.\n\nThe Red Hat Security Response Team has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation enterprises need to address the challenges of managing virtual\nenvironments, which are far more complex than physical ones. This\ntechnology enables enterprises with existing virtual infrastructures\nto improve visibility and control, and those just starting virtualization\ndeployments to build and operate a well-managed virtual infrastructure.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\nsanitize user-supplied values in the ServiceController. A remote attacker\ncould invoke arbitrary method calls in the application controller that, due\nto a lack of sanitization, could allow access to private methods that could\npossibly allow the attacker to execute arbitrary code on the host system.\n(CVE-2014-0057)\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers.\n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected.\n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting\nCVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as\nthe original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the\noriginal reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered\nby Jan Rusnacko of the Red Hat Product Security Team.\n\nThis update fixes several bugs and adds multiple enhancements.\nDocumentation for these changes will be available shortly from the Red Hat\nCloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the\nReferences section.\n\nAll users of Red Hat CloudForms are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and add\nthese enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0215",
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html"
},
{
"category": "external",
"summary": "1033460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"category": "external",
"summary": "1064140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"category": "external",
"summary": "1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0215.json"
}
],
"title": "Red Hat Security Advisory: cfme security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-08T03:37:57+00:00",
"generator": {
"date": "2025-11-08T03:37:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2014:0215",
"initial_release_date": "2014-03-11T16:56:48+00:00",
"revision_history": [
{
"date": "2014-03-11T16:56:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-03-11T16:56:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-08T03:37:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Management Engine",
"product": {
"name": "Management Engine",
"product_id": "6Server-CFME",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat CloudForms"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.2.2.3-1.el6cf.src",
"product": {
"name": "cfme-0:5.2.2.3-1.el6cf.src",
"product_id": "cfme-0:5.2.2.3-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product": {
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product_id": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri-debuginfo@1.5.6-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-libs@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-devel@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-tcltk@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-debuginfo@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product": {
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product_id": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-io-console@0.3-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product": {
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product_id": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bigdecimal@1.1.0-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-lib@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-debuginfo@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-cfme-host@5.2.2.3-1.el6cf?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product_id": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny-doc@1.0.7-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product_id": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol-doc@1.9.2-3.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product": {
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product_id": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygems-devel@1.8.23-40.1.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product": {
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product_id": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygems@1.8.23-40.1.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product": {
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product_id": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-irb@1.9.3.448-40.1.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.2.2.3-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src"
},
"product_reference": "cfme-0:5.2.2.3-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src"
},
"product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch"
},
"product_reference": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src"
},
"product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64"
},
"product_reference": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64"
},
"product_reference": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src"
},
"product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64"
},
"product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64"
},
"product_reference": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch"
},
"product_reference": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
},
"product_reference": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"David Jorm"
],
"organization": "Red Hat Security Response Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-0186",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "895346"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EVM: Stored XSS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0186"
},
{
"category": "external",
"summary": "RHBZ#895346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895346"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0186",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186"
}
],
"release_date": "2014-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EVM: Stored XSS"
},
{
"cve": "CVE-2013-4164",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2013-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1033460"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: heap overflow in floating point parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4164"
},
{
"category": "external",
"summary": "RHBZ#1033460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4164",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164"
}
],
"release_date": "2013-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "ruby: heap overflow in floating point parsing"
},
{
"acknowledgments": [
{
"names": [
"Jan Rusnacko"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0057",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2014-02-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1064140"
}
],
"notes": [
{
"category": "description",
"text": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CFME: Dangerous send in ServiceController",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0057"
},
{
"category": "external",
"summary": "RHBZ#1064140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0057"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057"
}
],
"release_date": "2014-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CFME: Dangerous send in ServiceController"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Kevin Reintjes"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0081",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065520"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0081"
},
{
"category": "external",
"summary": "RHBZ#1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0081",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Toby Hsieh"
],
"organization": "SlideShare",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0082",
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065538"
}
],
"notes": [
{
"category": "description",
"text": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Action View string handling denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0082"
},
{
"category": "external",
"summary": "RHBZ#1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Action View string handling denial of service"
}
]
}
RHSA-2014:0306
Vulnerability from csaf_redhat
Published
2014-03-17 17:31
Modified
2025-11-08 03:42
Summary
Red Hat Security Advisory: ruby193-rubygem-actionpack security update
Notes
Topic
Updated ruby193-rubygem-actionpack packages that fix two security issues
are now available for Red Hat Software Collections 1.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the
view components.
It was found that several number conversion helpers in Action View did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user as parameters to the affected helpers.
(CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted queries that would result in
the creation of Ruby symbols that were never garbage collected.
(CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting these
issues. Upstream acknowledges Kevin Reintjes as the original reporter of
CVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of
CVE-2014-0082.
All ruby193-rubygem-actionpack users are advised to upgrade to these
updated packages, which contain backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ruby193-rubygem-actionpack packages that fix two security issues\nare now available for Red Hat Software Collections 1.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ruby on Rails is a model-view-controller (MVC) framework for web\napplication development. Action Pack implements the controller and the\nview components.\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers.\n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected.\n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting these\nissues. Upstream acknowledges Kevin Reintjes as the original reporter of\nCVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of\nCVE-2014-0082.\n\nAll ruby193-rubygem-actionpack users are advised to upgrade to these\nupdated packages, which contain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0306",
"url": "https://access.redhat.com/errata/RHSA-2014:0306"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0306.json"
}
],
"title": "Red Hat Security Advisory: ruby193-rubygem-actionpack security update",
"tracking": {
"current_release_date": "2025-11-08T03:42:35+00:00",
"generator": {
"date": "2025-11-08T03:42:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2014:0306",
"initial_release_date": "2014-03-17T17:31:50+00:00",
"revision_history": [
{
"date": "2014-03-17T17:31:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-03-17T17:31:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-08T03:42:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack-doc@3.2.8-5.3.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-5.3.el6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-5.3.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Kevin Reintjes"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0081",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065520"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0081"
},
{
"category": "external",
"summary": "RHBZ#1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0081",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-17T17:31:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0306"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Toby Hsieh"
],
"organization": "SlideShare",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0082",
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065538"
}
],
"notes": [
{
"category": "description",
"text": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Action View string handling denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0082"
},
{
"category": "external",
"summary": "RHBZ#1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-17T17:31:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0306"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Server-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.noarch",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-1:3.2.8-5.3.el6.src",
"6Workstation-RHSCL-1.0:ruby193-rubygem-actionpack-doc-1:3.2.8-5.3.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Action View string handling denial of service"
}
]
}
ghsa-7cgp-c3g7-qvrw
Vulnerability from github
Published
2017-10-24 18:33
Modified
2023-06-30 21:25
VLAI Severity ?
Summary
actionpack Improper Input Validation vulnerability
Details
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "actionpack"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.2.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-0082"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:22:28Z",
"nvd_published_at": "2014-02-20T15:27:09Z",
"severity": "MODERATE"
},
"details": "`actionpack/lib/action_view/template/text.rb` in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the `:text` option to the `render` method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"id": "GHSA-7cgp-c3g7-qvrw",
"modified": "2023-06-30T21:25:19Z",
"published": "2017-10-24T18:33:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
},
{
"type": "PACKAGE",
"url": "https://github.com/rails/rails"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"type": "WEB",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "actionpack Improper Input Validation vulnerability"
}
gsd-2014-0082
Vulnerability from gsd
Modified
2014-02-18 00:00
Details
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-0082",
"description": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"id": "GSD-2014-0082",
"references": [
"https://www.suse.com/security/cve/CVE-2014-0082.html",
"https://www.debian.org/security/2014/dsa-2929",
"https://access.redhat.com/errata/RHSA-2014:0306",
"https://access.redhat.com/errata/RHSA-2014:0215"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "actionpack",
"purl": "pkg:gem/actionpack"
}
}
],
"aliases": [
"CVE-2014-0082",
"OSVDB-103440"
],
"details": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"id": "GSD-2014-0082",
"modified": "2014-02-18T00:00:00.000Z",
"published": "2014-02-18T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 5.0,
"type": "CVSS_V2"
}
],
"summary": "CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"name": "RHSA-2014:0215",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name": "57836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57836"
},
{
"name": "RHSA-2014:0306",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"name": "https://puppet.com/security/cve/cve-2014-0082",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2014-0082"
},
{
"name": "openSUSE-SU-2014:0295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"name": "57376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57376"
},
{
"name": "[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-0082",
"cvss_v2": 5.0,
"date": "2014-02-18",
"description": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"framework": "rails",
"gem": "actionpack",
"osvdb": 103440,
"patched_versions": [
"\u003e= 3.2.17"
],
"title": "CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service",
"unaffected_versions": [
"\u003e= 4.0.0"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c3.2.17",
"affected_versions": "All versions before 3.2.17",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-08-08",
"description": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"fixed_versions": [
"3.2.17"
],
"identifier": "CVE-2014-0082",
"identifiers": [
"CVE-2014-0082"
],
"not_impacted": "All versions starting from 3.2.17",
"package_slug": "gem/actionpack",
"pubdate": "2014-02-20",
"solution": "Ugrade to versions 3.2.17 or above",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
],
"uuid": "aecf57e2-f437-4c79-a29e-2462ad45d2f6"
},
{
"affected_range": "\u003e=3.0.0.beta \u003c3.2.17",
"affected_versions": "All versions starting from 3.0.0.beta before 3.2.17",
"credit": "Toby Hsieh of SlideShare",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-08-08",
"description": "Strings sent in specially crafted headers will be converted to symbols.",
"fixed_versions": [
"3.2.17"
],
"identifier": "CVE-2014-0082",
"identifiers": [
"CVE-2014-0082"
],
"not_impacted": "4.0.x",
"package_slug": "gem/rails",
"pubdate": "2014-02-20",
"solution": "Users who cannot upgrade may apply a monkey patch to work around the issue. See provided link.",
"title": "Denial of Service Vulnerability when using render :text",
"urls": [
"https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc"
],
"uuid": "b89df228-cd40-453b-83c1-b7a10f1b09c3"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.16",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0082"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource": "MLIST",
"tags": [],
"url": "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"name": "[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource": "MLIST",
"tags": [],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"name": "openSUSE-SU-2014:0295",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"name": "RHSA-2014:0215",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name": "RHSA-2014:0306",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"name": "57376",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/57376"
},
{
"name": "57836",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/57836"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"name": "https://puppet.com/security/cve/cve-2014-0082",
"refsource": "CONFIRM",
"tags": [],
"url": "https://puppet.com/security/cve/cve-2014-0082"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2019-08-08T15:42Z",
"publishedDate": "2014-02-20T15:27Z"
}
}
}
fkie_cve-2014-0082
Vulnerability from fkie_nvd
Published
2014-02-20 15:27
Modified
2025-04-11 00:51
Severity ?
Summary
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2014/02/18/10 | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0215.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0306.html | ||
| secalert@redhat.com | http://secunia.com/advisories/57376 | ||
| secalert@redhat.com | http://secunia.com/advisories/57836 | ||
| secalert@redhat.com | http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ | ||
| secalert@redhat.com | https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ | ||
| secalert@redhat.com | https://puppet.com/security/cve/cve-2014-0082 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2014/02/18/10 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0215.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0306.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57376 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57836 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://puppet.com/security/cve/cve-2014-0082 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails | 3.0.0 | |
| rubyonrails | rails | 3.0.0 | |
| rubyonrails | rails | 3.0.0 | |
| rubyonrails | rails | 3.0.0 | |
| rubyonrails | rails | 3.0.0 | |
| rubyonrails | rails | 3.0.0 | |
| rubyonrails | rails | 3.0.0 | |
| rubyonrails | rails | 3.0.1 | |
| rubyonrails | rails | 3.0.1 | |
| rubyonrails | rails | 3.0.2 | |
| rubyonrails | rails | 3.0.2 | |
| rubyonrails | rails | 3.0.3 | |
| rubyonrails | rails | 3.0.4 | |
| rubyonrails | rails | 3.0.5 | |
| rubyonrails | rails | 3.0.5 | |
| rubyonrails | rails | 3.0.6 | |
| rubyonrails | rails | 3.0.6 | |
| rubyonrails | rails | 3.0.6 | |
| rubyonrails | rails | 3.0.7 | |
| rubyonrails | rails | 3.0.7 | |
| rubyonrails | rails | 3.0.7 | |
| rubyonrails | rails | 3.0.8 | |
| rubyonrails | rails | 3.0.8 | |
| rubyonrails | rails | 3.0.8 | |
| rubyonrails | rails | 3.0.8 | |
| rubyonrails | rails | 3.0.8 | |
| rubyonrails | rails | 3.0.9 | |
| rubyonrails | rails | 3.0.9 | |
| rubyonrails | rails | 3.0.9 | |
| rubyonrails | rails | 3.0.9 | |
| rubyonrails | rails | 3.0.9 | |
| rubyonrails | rails | 3.0.9 | |
| rubyonrails | rails | 3.0.10 | |
| rubyonrails | rails | 3.0.10 | |
| rubyonrails | rails | 3.0.11 | |
| rubyonrails | rails | 3.0.12 | |
| rubyonrails | rails | 3.0.12 | |
| rubyonrails | rails | 3.0.13 | |
| rubyonrails | rails | 3.0.13 | |
| rubyonrails | rails | 3.0.14 | |
| rubyonrails | rails | 3.0.16 | |
| rubyonrails | rails | 3.0.17 | |
| rubyonrails | rails | 3.0.18 | |
| rubyonrails | rails | 3.0.19 | |
| rubyonrails | rails | 3.0.20 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.1 | |
| rubyonrails | rails | 3.1.1 | |
| rubyonrails | rails | 3.1.1 | |
| rubyonrails | rails | 3.1.1 | |
| rubyonrails | rails | 3.1.2 | |
| rubyonrails | rails | 3.1.2 | |
| rubyonrails | rails | 3.1.2 | |
| rubyonrails | rails | 3.1.3 | |
| rubyonrails | rails | 3.1.4 | |
| rubyonrails | rails | 3.1.4 | |
| rubyonrails | rails | 3.1.5 | |
| rubyonrails | rails | 3.1.5 | |
| rubyonrails | rails | 3.1.6 | |
| rubyonrails | rails | 3.1.7 | |
| rubyonrails | rails | 3.1.8 | |
| rubyonrails | rails | 3.1.9 | |
| rubyonrails | rails | 3.1.10 | |
| rubyonrails | rails | 3.2.0 | |
| rubyonrails | rails | 3.2.0 | |
| rubyonrails | rails | 3.2.0 | |
| rubyonrails | rails | 3.2.1 | |
| rubyonrails | rails | 3.2.2 | |
| rubyonrails | rails | 3.2.2 | |
| rubyonrails | rails | 3.2.3 | |
| rubyonrails | rails | 3.2.3 | |
| rubyonrails | rails | 3.2.3 | |
| rubyonrails | rails | 3.2.4 | |
| rubyonrails | rails | 3.2.4 | |
| rubyonrails | rails | 3.2.5 | |
| rubyonrails | rails | 3.2.6 | |
| rubyonrails | rails | 3.2.7 | |
| rubyonrails | rails | 3.2.8 | |
| rubyonrails | rails | 3.2.9 | |
| rubyonrails | rails | 3.2.10 | |
| rubyonrails | rails | 3.2.11 | |
| rubyonrails | rails | 3.2.12 | |
| rubyonrails | rails | 3.2.13 | |
| rubyonrails | rails | 3.2.13 | |
| rubyonrails | rails | 3.2.13 | |
| rubyonrails | rails | 3.2.15 | |
| rubyonrails | rails | 3.2.15 | |
| rubyonrails | ruby_on_rails | * | |
| rubyonrails | ruby_on_rails | 3.0.4 | |
| rubyonrails | ruby_on_rails | 3.2.14 | |
| rubyonrails | ruby_on_rails | 3.2.14 | |
| rubyonrails | ruby_on_rails | 3.2.14 | |
| rubyonrails | ruby_on_rails | 3.2.15 | |
| rubyonrails | ruby_on_rails | 3.2.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3BE7DFE-BA20-434B-A1DE-AD038B255C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "DCEE5B21-C990-4705-8239-0D7B29DAEDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "65EE33B1-B079-4CDE-B9C2-F1613A4610DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5CAAA20B-824F-4448-99DC-9712FE628073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D2BEBDFB-0F30-454A-B74C-F820C9D2708B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "1D7CD8C1-95D1-477E-AD96-6582EC33BA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B6F00D98-3D0F-40AF-AE4F-090B1E6B660C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9476CE55-69C0-45D3-B723-6F459C90BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*",
"matchCriteriaId": "486F5BA6-BCF7-4691-9754-19D364B4438D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "112FC73B-A8BC-4EEA-9F4B-CCE685EF2838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*",
"matchCriteriaId": "E4498383-6FCA-4E17-A1FD-B0CE7EE50F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D26565B1-2BA6-4A3C-9264-7FC9A1820B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "392E2D58-CB39-4832-B4D9-9C2E23B8E14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1F2466EA-7039-46A1-B4A3-8DACD1953A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CAB4E72-0A15-4B26-9B69-074C278568D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A085E105-9375-440A-80CB-9B23E6D7EB4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "25911E48-C5D7-4ED8-B4DB-7523A74CCF49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6EC1E5-3A4A-4751-9F77-28EF5AF681E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B29674E3-CC80-446B-9A43-82594AE7A058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FF34D8CB-2B6D-4CB8-A206-108293BCFFE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5187F6-E3AC-4E0D-B1D0-83DE76C20A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "272268EE-E3E8-4683-B679-55D748877A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7B69FD33-61FE-4F10-BBE1-215F59035D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "08D7CB5D-82EF-4A24-A792-938FAB40863D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8A044B21-47D5-468D-AF4A-06B3B5CC0824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2196F3D0-532A-40F9-843A-1DFBC8B63FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBEDA932-6CB5-438C-94E4-824732A91BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "903E5524-5E45-48CE-A804-EDAEBE3A79AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "08534AF2-F94E-4FB6-A572-4FB9827276D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*",
"matchCriteriaId": "29E3B4A6-1346-4358-B7BC-84D00ED3ABBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B52D7A6B-DD93-45F0-9186-18ABEFF28DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1F07C641-48DF-43BE-9EB5-72B337C54846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1CB1B12-99F5-430F-AE19-9A95C17FA123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A7C449-8F9A-4CE5-9C3D-375996BFAEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "05D5D58C-DB79-41EA-81AE-5D95C48211B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FE331D6D-99BA-4369-AD8B-B556DEE4955F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "58304E17-ADFD-4686-9CCF-C1CA31843B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "05108EF0-81AD-4378-9843-5C23F2AC79A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE7DA7E-23A5-42AF-9D5C-39240CE2FBDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0C448F62-8231-4221-ADA0-C9B848AE03D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBD11A1-51C7-4AF7-AA0B-3A14C5435E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "60255706-C44A-48CB-B98B-A1F0991CBC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0456E2E8-EF06-414E-8A7D-8005F0EB46B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EE4763-2495-4B6A-B72F-344967E51C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB51F3E9-4899-49A9-9E7B-0DCA92A91DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F884F2F4-94F3-46CB-860B-1BCC0EEF408A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "88DFBB48-1C29-4639-9369-F5B413CA2337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D37696D7-BEE6-4587-9E33-A7FE24780409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E95B5D44-0C8D-47BC-A89D-48A5BDEB84F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1DFDAF6A-76AA-436F-A4F3-DA69892DE2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D3172982-3FA4-427F-BE3E-2321D804E49D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FD6EC85B-F092-48FF-966A-96B9227C8656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "9000F3C1-57A0-474C-9C82-E58688F29838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "6E55E42E-AB6A-4E47-AC69-DFDAEB0A8735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A42F4E7A-6F6A-485C-8D30-95F3B0285922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "30B9C0CB-F6E6-4233-84E4-D6E69104DD73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84309CC7-A8B7-4ADB-AEA1-964DA5F7B0E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5343241F-274D-45FF-97C7-2BC2E920BAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FED122B8-AF4C-4C48-B1E5-54F4A7A31A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "157ACCAD-0FB8-4CC9-9DFB-70835DE6506C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3E50ACF6-7277-4C9A-B42A-E7EFDC317691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C191DC2B-1EC3-48E0-A586-867E6EE4431C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA51263-6680-42C6-B119-8241D6F76206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B4BC41E8-FEDA-4C31-B479-D49A59FC4D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "09C20971-53B5-43B0-AC45-5AA0FDF1B054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1AEFA5D-A793-4BAB-8DED-3D3A31260AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "496902D6-409A-40D9-849F-C41264BE5B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2482AB3F-8303-4F95-BE04-C5F06EEF2015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "244C6952-377C-4AF0-8BA2-C34516A3EB5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "98A79CC5-71EC-4E90-9E99-2DF62ABC0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6562F3C3-D794-4107-95D4-1C0B0486940B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2816C02C-E13E-4367-91F3-14756A90EC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E82AF7C7-B725-40EF-8EE3-18F8E7FAEB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1AE674DE-65DB-437E-A034-A2EE5C584B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0524F3E3-BAD7-4CD3-A6E7-74CFBE4B46E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32EB2C3F-0F24-43DB-988E-BD2973598F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EB32713D-FE64-445E-872E-B4678C243AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C55E6B4A-2B9C-46C8-A739-109EA4BA7FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89C618DC-38BC-4484-8C41-BC38B7EB636B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE1EF01A-F358-45D3-ADA2-51DD1D8CB6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2616BD-A4E8-42F3-BB5A-7517DC4EDA3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0E376782-98B0-4766-B6FC-67E032A00C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "96D08DC1-14E9-4DB9-BC95-3F73B454FBC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F365C9E5-27DC-46C3-AFE4-4876EC7B352B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0016A6-0ED6-443D-B969-CB1226D8E28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E69470EA-5EBC-4FB9-A722-5B61C70C1140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B13A8EBB-4211-4AB1-8872-244EEEE20ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AB2152-DED8-4CFD-B915-94A9F56FDD05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C630AB60-DBAF-421E-B663-492BAE8A180F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0F41CCF8-14EB-4327-A675-83BFDBB53196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "75842F7D-B1B1-48BA-858F-01148867B3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FE65D701-AA6E-48E4-B62B-C22DEE863503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17B1E475-C873-4561-9348-027721C08D79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C0406FF0-30F5-40E2-B9B8-FE465D923DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6646610D-279B-4AEC-B445-981E7784EE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*",
"matchCriteriaId": "005A14B0-1621-4A0C-A990-2B8B59C199B3",
"versionEndIncluding": "3.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "224BD488-0D7E-4F8B-9012-DE872DEB544C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A325F57E-0055-4279-9ED7-A26E75FC38E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9A3BA4AE-B4F0-4204-AFA1-1016F0A6F7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc2:*:*:*:*:*:*",
"matchCriteriaId": "991F368C-CEB5-4DE6-A7EE-C341F358A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "01DB164E-E08E-4649-84BD-15B4159A3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0F7ECFB-86A1-4F00-AD47-971FA23C6D21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
},
{
"lang": "es",
"value": "actionpack/lib/action_view/template/text.rb en Action View en Ruby on Rails 3.x anterior a 3.2.17 convierte cadenas tipo MIME a s\u00edmbolos durante el uso de la opci\u00f3n :text al m\u00e9todo render, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) mediante la inclusi\u00f3n de estas cadenas en cabeceras."
}
],
"id": "CVE-2014-0082",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-20T15:27:09.170",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/57376"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/57836"
},
{
"source": "secalert@redhat.com",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"source": "secalert@redhat.com",
"url": "https://puppet.com/security/cve/cve-2014-0082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://puppet.com/security/cve/cve-2014-0082"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2014-AVI-103
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Puppet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions antérieures à Puppet Enterprise 3.2.0
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 Puppet Enterprise 3.2.0\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
},
{
"name": "CVE-2013-4966",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4966"
},
{
"name": "CVE-2013-4971",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4971"
},
{
"name": "CVE-2014-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
}
],
"initial_release_date": "2014-03-06T00:00:00",
"last_revision_date": "2014-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-103",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePuppet\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Puppet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4971 du 04 mars 2014",
"url": "http://puppetlabs.com/security/cve/cve-2013-4971"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2014-0082 du 04 mars 2014",
"url": "http://puppetlabs.com/security/cve/cve-2014-0082"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4966 du 04 mars 2014",
"url": "http://puppetlabs.com/security/cve/cve-2013-4966"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2014-0060 du 04 mars 2014",
"url": "http://puppetlabs.com/security/cve/cve-2014-0060"
}
]
}
CERTFR-2014-AVI-077
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Ruby On Rails. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Ruby on Rails | Ruby on Rails | Ruby On Rails versions antérieures à 4.0.3 | ||
| Ruby on Rails | Ruby on Rails | Ruby On Rails versions antérieures à 4.1.0beta2 | ||
| Ruby on Rails | Ruby on Rails | Ruby On Rails versions antérieures à 3.2.17 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ruby On Rails versions ant\u00e9rieures \u00e0 4.0.3",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby On Rails versions ant\u00e9rieures \u00e0 4.1.0beta2",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby On Rails versions ant\u00e9rieures \u00e0 3.2.17",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
},
{
"name": "CVE-2014-0080",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0080"
},
{
"name": "CVE-2014-0081",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
}
],
"initial_release_date": "2014-02-19T00:00:00",
"last_revision_date": "2014-02-19T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-077",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRuby On Rails\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby On Rails",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails du 18 f\u00e9vrier 2014",
"url": "http://weblog.rubyonrails.org/2014/2/18/Rails_3_2_17_4_0_3_and_4_1_0_beta2_have_been_released/"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…