CVE-2013-6415

Related Files

Red Hat Security Advisory 2014-1863-01

Posted Nov 17, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1863-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.

tags | advisory, remote, web, arbitrary, local, ruby

systems | linux, redhat

advisories | CVE-2013-1854, CVE-2013-1855, CVE-2013-1857, CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2014-0130

MD5 | 00d22ecd2ee2ba85afb7d80233f704fb

Download | Favorite | View

Debian Security Advisory 2888-1

Posted Mar 28, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2888-1 - Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.

tags | advisory, denial of service, vulnerability, xss, ruby

systems | linux, debian

advisories | CVE-2013-4389, CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417

MD5 | 50af68b6056896c76834c7995af29ced

Download | Favorite | View

Red Hat Security Advisory 2014-0008-01

Posted Jan 6, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0008-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A flaw was found in the way Ruby on Rails performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.

tags | advisory, web, ruby

systems | linux, redhat

advisories | CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417

MD5 | 5ae558b60f8f872d3c4e01d807d8de86

Download | Favorite | View

Red Hat Security Advisory 2013-1794-01

Posted Dec 6, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1794-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A flaw was found in the way Ruby on Rails performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.

tags | advisory, web, ruby

systems | linux, redhat

advisories | CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417

MD5 | 64416d97c3bb0323fdf7b8979b7e68c1

Download | Favorite | View