Action not permitted
Modal body text goes here.
cve-2014-0057
Vulnerability from cvelistv5
Published
2014-03-18 14:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"name": "57376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57376"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-18T12:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"name": "57376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57376"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0057",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-0057\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-03-18T17:02:52.887\",\"lastModified\":\"2023-02-13T00:30:57.573\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"El m\u00e9todo x_button en el controlador de servicio (vmdb/app/controllers/service_controller.rb) en Red Hat CloudForms 3.0 Management Engine 5.2 permite a atacantes remotos ejecutar m\u00e9todos arbitrarios a trav\u00e9s de vectores no especificados.\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cloudforms:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E497C765-C720-4566-BB73-705C36AEA59A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D21CFAD1-5422-4595-841D-A80F940B1545\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0215.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/57376\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1064140\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
rhsa-2014_0215
Vulnerability from csaf_redhat
Published
2014-03-11 16:56
Modified
2024-11-22 07:31
Summary
Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Notes
Topic
Updated cfme packages that fix multiple security issues, several bugs, and
add various enhancements are now available for Red Hat CloudForms 3.0.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and
automation enterprises need to address the challenges of managing virtual
environments, which are far more complex than physical ones. This
technology enables enterprises with existing virtual infrastructures
to improve visibility and control, and those just starting virtualization
deployments to build and operate a well-managed virtual infrastructure.
A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
application. (CVE-2013-4164)
It was found that Red Hat CloudForms Management Engine did not properly
sanitize user-supplied values in the ServiceController. A remote attacker
could invoke arbitrary method calls in the application controller that, due
to a lack of sanitization, could allow access to private methods that could
possibly allow the attacker to execute arbitrary code on the host system.
(CVE-2014-0057)
It was found that several number conversion helpers in Action View did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user as parameters to the affected helpers.
(CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted queries that would result in
the creation of Ruby symbols that were never garbage collected.
(CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting
CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as
the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the
original reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered
by Jan Rusnacko of the Red Hat Product Security Team.
This update fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the Red Hat
CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the
References section.
All users of Red Hat CloudForms are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and add
these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated cfme packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat CloudForms 3.0.\n\nThe Red Hat Security Response Team has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation enterprises need to address the challenges of managing virtual\nenvironments, which are far more complex than physical ones. This\ntechnology enables enterprises with existing virtual infrastructures\nto improve visibility and control, and those just starting virtualization\ndeployments to build and operate a well-managed virtual infrastructure.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\nsanitize user-supplied values in the ServiceController. A remote attacker\ncould invoke arbitrary method calls in the application controller that, due\nto a lack of sanitization, could allow access to private methods that could\npossibly allow the attacker to execute arbitrary code on the host system.\n(CVE-2014-0057)\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers.\n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected.\n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting\nCVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as\nthe original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the\noriginal reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered\nby Jan Rusnacko of the Red Hat Product Security Team.\n\nThis update fixes several bugs and adds multiple enhancements.\nDocumentation for these changes will be available shortly from the Red Hat\nCloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the\nReferences section.\n\nAll users of Red Hat CloudForms are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and add\nthese enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0215",
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html"
},
{
"category": "external",
"summary": "1033460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"category": "external",
"summary": "1064140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"category": "external",
"summary": "1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0215.json"
}
],
"title": "Red Hat Security Advisory: cfme security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T07:31:55+00:00",
"generator": {
"date": "2024-11-22T07:31:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:0215",
"initial_release_date": "2014-03-11T16:56:48+00:00",
"revision_history": [
{
"date": "2014-03-11T16:56:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-03-11T16:56:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T07:31:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Management Engine",
"product": {
"name": "Management Engine",
"product_id": "6Server-CFME",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat CloudForms"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.2.2.3-1.el6cf.src",
"product": {
"name": "cfme-0:5.2.2.3-1.el6cf.src",
"product_id": "cfme-0:5.2.2.3-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product": {
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product_id": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri-debuginfo@1.5.6-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-libs@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-devel@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-tcltk@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product": {
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product_id": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-debuginfo@1.9.3.448-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product": {
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product_id": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-io-console@0.3-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product": {
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product_id": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bigdecimal@1.1.0-40.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-lib@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-debuginfo@5.2.2.3-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product": {
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product_id": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-cfme-host@5.2.2.3-1.el6cf?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product_id": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny-doc@1.0.7-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product": {
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product_id": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol-doc@1.9.2-3.el6cf?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product": {
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product_id": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygems-devel@1.8.23-40.1.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product": {
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product_id": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygems@1.8.23-40.1.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product": {
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product_id": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-ruby-irb@1.9.3.448-40.1.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.2.2.3-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src"
},
"product_reference": "cfme-0:5.2.2.3-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64"
},
"product_reference": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src"
},
"product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch"
},
"product_reference": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64"
},
"product_reference": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src"
},
"product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64"
},
"product_reference": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64"
},
"product_reference": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch"
},
"product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src"
},
"product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src"
},
"product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64"
},
"product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64"
},
"product_reference": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch"
},
"product_reference": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
"product_id": "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
},
"product_reference": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
"relates_to_product_reference": "6Server-CFME"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"David Jorm"
],
"organization": "Red Hat Security Response Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-0186",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "895346"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EVM: Stored XSS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0186"
},
{
"category": "external",
"summary": "RHBZ#895346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895346"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0186",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186"
}
],
"release_date": "2014-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EVM: Stored XSS"
},
{
"cve": "CVE-2013-4164",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2013-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1033460"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: heap overflow in floating point parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4164"
},
{
"category": "external",
"summary": "RHBZ#1033460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4164",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164"
}
],
"release_date": "2013-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "ruby: heap overflow in floating point parsing"
},
{
"acknowledgments": [
{
"names": [
"Jan Rusnacko"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0057",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2014-02-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1064140"
}
],
"notes": [
{
"category": "description",
"text": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CFME: Dangerous send in ServiceController",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0057"
},
{
"category": "external",
"summary": "RHBZ#1064140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0057"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057"
}
],
"release_date": "2014-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CFME: Dangerous send in ServiceController"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Kevin Reintjes"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0081",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065520"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0081"
},
{
"category": "external",
"summary": "RHBZ#1065520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0081",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails Project"
]
},
{
"names": [
"Toby Hsieh"
],
"organization": "SlideShare",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0082",
"discovery_date": "2014-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065538"
}
],
"notes": [
{
"category": "description",
"text": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Action View string handling denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0082"
},
{
"category": "external",
"summary": "RHBZ#1065538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
}
],
"release_date": "2014-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-03-11T16:56:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
"6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
"6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
"6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
"6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
"6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
"6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
"6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Action View string handling denial of service"
}
]
}
gsd-2014-0057
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-0057",
"description": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.",
"id": "GSD-2014-0057",
"references": [
"https://access.redhat.com/errata/RHSA-2014:0215"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-0057"
],
"details": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.",
"id": "GSD-2014-0057",
"modified": "2023-12-13T01:22:44.148764Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2014-0215.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name": "http://secunia.com/advisories/57376",
"refsource": "MISC",
"url": "http://secunia.com/advisories/57376"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:cloudforms:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0057"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57376",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57376"
},
{
"name": "RHSA-2014:0215",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T00:30Z",
"publishedDate": "2014-03-18T17:02Z"
}
}
}
ghsa-6m4c-55qp-f477
Vulnerability from github
Published
2022-05-17 04:49
Modified
2022-05-17 04:49
Details
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2014-0057"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-03-18T17:02:00Z",
"severity": "HIGH"
},
"details": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.",
"id": "GHSA-6m4c-55qp-f477",
"modified": "2022-05-17T04:49:03Z",
"published": "2022-05-17T04:49:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2014-0057"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57376"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.