CVE-2013-6414

Related Files

Red Hat Security Advisory 2014-1863-01

Posted Nov 17, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1863-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.

tags | advisory, remote, web, arbitrary, local, ruby

systems | linux, redhat

advisories | CVE-2013-1854, CVE-2013-1855, CVE-2013-1857, CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2014-0130

SHA-256 | 688dccb48f0fad7f4ed5bb8b5c284c3cde47754bf1f5692e7d244e4fdf120639

Download | Favorite | View

Debian Security Advisory 2888-1

Posted Mar 28, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2888-1 - Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.

tags | advisory, denial of service, vulnerability, xss, ruby

systems | linux, debian

advisories | CVE-2013-4389, CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417

SHA-256 | 423a0919621086aaccc30b1f280aaa8df27b793c92b30df5b3341a89bb7b74d0

Download | Favorite | View

Red Hat Security Advisory 2014-0008-01

Posted Jan 6, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0008-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A flaw was found in the way Ruby on Rails performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.

tags | advisory, web, ruby

systems | linux, redhat

advisories | CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417

SHA-256 | 0a8f57dbc735ddfa0cc62a2274af9696755237e6e22f00930ff57a46300f201d

Download | Favorite | View

Red Hat Security Advisory 2013-1794-01

Posted Dec 6, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1794-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A flaw was found in the way Ruby on Rails performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.

tags | advisory, web, ruby

systems | linux, redhat

advisories | CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417

SHA-256 | 135a48c1e3f99b850c2d60c2cd13ef3f61d6a033ac26df2f0c0908db190de34a

Download | Favorite | View