CVE-2012-6109

Related Files

Gentoo Linux Security Advisory 201405-10

Posted May 19, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-10 - Multiple vulnerabilities have been found in Rack, the worst of which allow execution of arbitrary code. Versions less than 1.4.5 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2012-6109, CVE-2013-0183, CVE-2013-0184, CVE-2013-0262, CVE-2013-0263

SHA-256 | 8eb7b04a7ff4141bc295620249608014b58fc83e4fff415b3d7a5d1f8a316361

Download | Favorite | View

Red Hat Security Advisory 2013-0544-01

Posted Feb 21, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0544-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users' systems if they knew the target system's UUID. A vulnerability in rubygem-ldap_fluff allowed a remote attacker to bypass authentication and log into Subscription Asset Manager when a Microsoft Active Directory server was used as the back-end authentication server.

tags | advisory, remote

systems | linux, redhat

advisories | CVE-2012-5561, CVE-2012-5603, CVE-2012-5604, CVE-2012-6109, CVE-2012-6496, CVE-2013-0162, CVE-2013-0183, CVE-2013-0184

SHA-256 | 40ed8cc02a824cba926dc987492cb7cfa65beb82b844986c7ceface61e3927c2

Download | Favorite | View

Red Hat Security Advisory 2013-0548-01

Posted Feb 21, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0548-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. It provides self-service computing resources to users in a managed, governed, and secure way. Three flaws were found in rubygem-rack. A remote attacker could use these flaws to perform a denial of service attack against applications using rubygem-rack. It was found that documentation created by rubygem-rdoc was vulnerable to a cross-site scripting attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As rubygem-rdoc is used for creating documentation for Ruby source files, it is not a common scenario to make such documentation accessible over the network.

tags | advisory, remote, web, denial of service, arbitrary, xss, ruby

systems | linux, redhat

advisories | CVE-2012-6109, CVE-2013-0162, CVE-2013-0183, CVE-2013-0184, CVE-2013-0256

SHA-256 | 7eeecf4bd61add69a8fdb62e0fc678b6962eaa82560b226a399c33ad350a2198

Download | Favorite | View