Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2016-0753
Vulnerability from cvelistv5
Published
2016-02-16 02:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/14"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ"
},
{
"name": "openSUSE-SU-2016:0372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "FEDORA-2016-94e71ee673",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
},
{
"name": "FEDORA-2016-73fe05d878",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"
},
{
"name": "FEDORA-2016-cc465a34df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "1034816",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "DSA-3464",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"name": "FEDORA-2016-eb4d6e8aab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html"
},
{
"name": "FEDORA-2016-cb30088b06",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"
},
{
"name": "82247",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/82247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/14"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ"
},
{
"name": "openSUSE-SU-2016:0372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "FEDORA-2016-94e71ee673",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
},
{
"name": "FEDORA-2016-73fe05d878",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"
},
{
"name": "FEDORA-2016-cc465a34df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "1034816",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "DSA-3464",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"name": "FEDORA-2016-eb4d6e8aab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html"
},
{
"name": "FEDORA-2016-cb30088b06",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"
},
{
"name": "82247",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/82247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/14"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ"
},
{
"name": "openSUSE-SU-2016:0372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "FEDORA-2016-94e71ee673",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
},
{
"name": "FEDORA-2016-73fe05d878",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"
},
{
"name": "FEDORA-2016-cc465a34df",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "1034816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "DSA-3464",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"name": "FEDORA-2016-eb4d6e8aab",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html"
},
{
"name": "FEDORA-2016-cb30088b06",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"
},
{
"name": "82247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0753",
"datePublished": "2016-02-16T02:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:04.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-0753\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-02-16T02:59:07.690\",\"lastModified\":\"2024-11-21T02:42:18.643\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.\"},{\"lang\":\"es\",\"value\":\"Active Model en Ruby on Rails 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 soporta el uso de los escritores a nivel de instancia para descriptores de acceso de clase, lo que permite a atacantes remotos eludir los pasos destinados a la validaci\u00f3n a trav\u00e9s de par\u00e1metros manipulados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndExcluding\":\"4.1.14.1\",\"matchCriteriaId\":\"368EF708-1502-4DC8-9374-724A6BF565DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.5.1\",\"matchCriteriaId\":\"B405A97A-7C41-4005-8E72-56F632D72B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF8F94CF-D504-4165-A69E-3F1198CB162A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0296.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3464\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/01/25/14\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/82247\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034816\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/01/25/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/82247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}"
}
}
rhsa-2016_0296
Vulnerability from csaf_redhat
Published
2016-02-24 10:36
Modified
2024-12-15 18:43
Summary
Red Hat Security Advisory: rh-ror41 security update
Notes
Topic
Updated rh-ror41-rubygem-actionpack, rh-ror41-rubygem-actionview,
rh-ror41-rubygem-activemodel, and rh-ror41-rubygem-activerecord packages
that fix multiple security issues are now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails
is a model-view-controller (MVC) framework for web application development.
The following issue was corrected in rubygem-actionpack and
rubygem-actionview:
A directory traversal flaw was found in the way the Action View component
searched for templates for rendering. If an application passed untrusted
input to the 'render' method, a remote, unauthenticated attacker could use
this to render unexpected files and, possibly, execute arbitrary code.
(CVE-2016-0752)
The following issues were corrected in rubygem-actionpack:
A flaw was found in the way the Action Pack component performed MIME type
lookups. Since queries were cached in a global cache of MIME types, an
attacker could use this flaw to grow the cache indefinitely, potentially
resulting in a denial of service. (CVE-2016-0751)
A flaw was found in the Action Pack component's caching of controller
references. An attacker could use this flaw to cause unbounded memory
growth, potentially resulting in a denial of service. (CVE-2015-7581)
A flaw was found in the way the Action Controller component compared user
names and passwords when performing HTTP basic authentication. Time taken
to compare strings could differ depending on input, possibly allowing a
remote attacker to determine valid user names and passwords using a timing
attack. (CVE-2015-7576)
The following issue was corrected in rubygem-activerecord:
A flaw was found in the Active Record component's handling of nested
attributes in combination with the destroy flag. An attacker could possibly
use this flaw to set attributes to invalid values or clear all attributes.
(CVE-2015-7577)
The following issue was corrected in rubygem-activemodel and
rubygem-activerecord:
A flaw was found in the way the Active Model based models processed
attributes. An attacker with the ability to pass arbitrary attributes to
models could possibly use this flaw to bypass input validation.
(CVE-2016-0753)
Red Hat would like to thank the Ruby on Rails project for reporting these
issues. Upstream acknowledges John Poulin as the original reporter of
CVE-2016-0752, Aaron Patterson of Red Hat as the original reporter of
CVE-2016-0751, Daniel Waterworth as the original reporter of CVE-2015-7576,
Justin Coyne as the original reporter of CVE-2015-7577, and John Backus
from BlockScore as the original reporter of CVE-2016-0753.
All rh-ror41 collection rubygem-actionpack, rubygem-actionview,
rubygem-activemodel, and rubygem-activerecord packages users are advised to
upgrade to these updated packages, which contain backported patches to
correct these issues. All running applications using the rh-ror41
collection must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rh-ror41-rubygem-actionpack, rh-ror41-rubygem-actionview,\nrh-ror41-rubygem-activemodel, and rh-ror41-rubygem-activerecord packages\nthat fix multiple security issues are now available for Red Hat Software\nCollections.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails\nis a model-view-controller (MVC) framework for web application development.\n\nThe following issue was corrected in rubygem-actionpack and\nrubygem-actionview:\n\nA directory traversal flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the \u0027render\u0027 method, a remote, unauthenticated attacker could use\nthis to render unexpected files and, possibly, execute arbitrary code.\n(CVE-2016-0752)\n\nThe following issues were corrected in rubygem-actionpack:\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the Action Pack component\u0027s caching of controller\nreferences. An attacker could use this flaw to cause unbounded memory\ngrowth, potentially resulting in a denial of service. (CVE-2015-7581)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component\u0027s handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nThe following issue was corrected in rubygem-activemodel and\nrubygem-activerecord:\n\nA flaw was found in the way the Active Model based models processed\nattributes. An attacker with the ability to pass arbitrary attributes to\nmodels could possibly use this flaw to bypass input validation.\n(CVE-2016-0753)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Aaron Patterson of Red Hat as the original reporter of\nCVE-2016-0751, Daniel Waterworth as the original reporter of CVE-2015-7576,\nJustin Coyne as the original reporter of CVE-2015-7577, and John Backus\nfrom BlockScore as the original reporter of CVE-2016-0753.\n\nAll rh-ror41 collection rubygem-actionpack, rubygem-actionview,\nrubygem-activemodel, and rubygem-activerecord packages users are advised to\nupgrade to these updated packages, which contain backported patches to\ncorrect these issues. All running applications using the rh-ror41\ncollection must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0296",
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "1301973",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301973"
},
{
"category": "external",
"summary": "1301981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0296.json"
}
],
"title": "Red Hat Security Advisory: rh-ror41 security update",
"tracking": {
"current_release_date": "2024-12-15T18:43:39+00:00",
"generator": {
"date": "2024-12-15T18:43:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2016:0296",
"initial_release_date": "2016-02-24T10:36:00+00:00",
"revision_history": [
{
"date": "2016-02-24T10:36:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-02-24T10:36:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-15T18:43:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"product_id": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview-doc@4.1.5-4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"product_id": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview@4.1.5-4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"product_id": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel@4.1.5-2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"product_id": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel-doc@4.1.5-2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"product_id": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack-doc@4.1.5-3.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"product_id": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack@4.1.5-3.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"product_id": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord@4.1.5-2.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"product_id": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord-doc@4.1.5-2.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"product_id": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activesupport@4.1.5-3.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"product_id": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview@4.1.5-4.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"product_id": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview-doc@4.1.5-4.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"product_id": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel-doc@4.1.5-2.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"product_id": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel@4.1.5-2.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"product_id": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack-doc@4.1.5-3.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"product_id": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack@4.1.5-3.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"product_id": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord@4.1.5-2.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"product_id": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord-doc@4.1.5-2.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"product_id": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activesupport@4.1.5-3.el6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"product": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"product_id": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview@4.1.5-4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"product": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"product_id": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel@4.1.5-2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"product": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"product_id": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack@4.1.5-3.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"product": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"product_id": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord@4.1.5-2.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"product": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"product_id": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activesupport@4.1.5-3.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"product": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"product_id": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview@4.1.5-4.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"product": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"product_id": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel@4.1.5-2.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"product": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"product_id": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack@4.1.5-3.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"product": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"product_id": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord@4.1.5-2.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"product": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"product_id": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activesupport@4.1.5-3.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Daniel Waterworth"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7576",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301933"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "RHBZ#1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch http_basic_authenticate_with method in ActionController:\n\n~~~\nmodule ActiveSupport\n module SecurityUtils\n def secure_compare(a, b)\n return false unless a.bytesize == b.bytesize\n\n l = a.unpack \"C#{a.bytesize}\"\n\n res = 0\n b.each_byte { |byte| res |= byte ^ l.shift }\n res == 0\n end\n module_function :secure_compare\n\n def variable_size_secure_compare(a, b)\n secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))\n end\n module_function :variable_size_secure_compare\n end\nend\n\nmodule ActionController\n class Base\n def self.http_basic_authenticate_with(options = {})\n before_action(options.except(:name, :password, :realm)) do\n authenticate_or_request_with_http_basic(options[:realm] || \"Application\") do |name, password|\n # This comparison uses \u0026 so that it doesn\u0027t short circuit and\n # uses `variable_size_secure_compare` so that length information\n # isn\u0027t leaked.\n ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) \u0026\n ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])\n end\n end\n end\n end\nend\n~~~",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Justin Coyne"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7577",
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Active Record component\u0027s handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7577"
},
{
"category": "external",
"summary": "RHBZ#1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
}
],
"cve": "CVE-2015-7581",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301981"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Action Pack component\u0027s caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7581"
},
{
"category": "external",
"summary": "RHBZ#1301981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7581",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Aaron Patterson"
],
"organization": "Red Hat",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0751",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "RHBZ#1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch mime types cache and disable caching.\n\n```\nrequire \u0027action_dispatch/http/mime_type\u0027\n\nMime.const_set :LOOKUP, Hash.new { |h,k|\n Mime::Type.new(k) unless k.blank?\n} \n```\n\nAlternatively perform filtering of mime types in the Accept header to allow only known types.",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"John Poulin"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0752",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301963"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal flaw in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "RHBZ#1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ"
},
{
"category": "external",
"summary": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/",
"url": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "workaround",
"details": "Avoid passing untrusted input to render method, or verify the input using whitelist before passing it to the render method:\n\n```\n\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n\n```",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal flaw in Action View"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"John Backus"
],
"organization": "BlockScore",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0753",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301973"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Active Model based models processed attributes. An attacker with the ability to pass arbitrary attributes to models could possibly use this flaw to bypass input validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-activerecord: possible input validation circumvention in Active Model",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0753"
},
{
"category": "external",
"summary": "RHBZ#1301973",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301973"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0753"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0753",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0753"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/6jQVC1geukQ/8oYETcxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/6jQVC1geukQ/8oYETcxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "workaround",
"details": "Do not allow arbitrary attributes to be passed to models. In Rails with Strong Parameters, make sure to not call permit! method, which bypasses strong parameters protections. Outside of rails, use whitelisting to filter only allowed attributes before passing them to models.",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-activerecord: possible input validation circumvention in Active Model"
}
]
}
gsd-2016-0753
Vulnerability from gsd
Modified
2016-01-25 00:00
Details
There is a possible input validation circumvention vulnerability in Active
Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753.
Versions Affected: 4.1.0 and newer
Not affected: 4.0.13 and older
Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1
Impact
------
Code that uses Active Model based models (including Active Record models) and
does not validate user input before passing it to the model can be subject to
an attack where specially crafted input will cause the model to skip
validations.
Vulnerable code will look something like this:
```ruby
SomeModel.new(unverified_user_input)
```
Rails users using Strong Parameters are generally not impacted by this issue
as they are encouraged to whitelist parameters and must specifically opt-out
of input verification using the `permit!` method to allow mass assignment.
For example, a vulnerable Rails application will have code that looks like
this:
```ruby
def create
params.permit! # allow all parameters
@user = User.new params[:users]
end
```
Active Model and Active Record objects are not equipped to handle arbitrary
user input. It is up to the application to verify input before passing it to
Active Model models. Rails users already have Strong Parameters in place to
handle white listing, but applications using Active Model and Active Record
outside of a Rails environment may be impacted.
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Releases
--------
The FIXED releases are available at the normal locations.
Workarounds
-----------
There are several workarounds depending on the application. Inside a Rails
application, stop using `permit!`. Outside a Rails application, either use
Hash#slice to select the parameters you need, or integrate Strong Parameters
with your application.
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* 4-1-validation_skip.patch - Patch for 4.1 series
* 4-2-validation_skip.patch - Patch for 4.2 series
* 5-0-validation_skip.patch - Patch for 5.0 series
Please note that only the 4.1.x and 4.2.x series are supported at present. Users
of earlier unsupported releases are advised to upgrade as soon as possible as we
cannot guarantee the continued availability of security fixes for unsupported
releases.
Credits
-------
Thanks to:
[John Backus](https://github.com/backus) from BlockScore for reporting this!
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-0753",
"description": "Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.",
"id": "GSD-2016-0753",
"references": [
"https://www.suse.com/security/cve/CVE-2016-0753.html",
"https://www.debian.org/security/2016/dsa-3464",
"https://access.redhat.com/errata/RHSA-2016:0296"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "activemodel",
"purl": "pkg:gem/activemodel"
}
}
],
"aliases": [
"CVE-2016-0753",
"GHSA-543v-gj2c-r3ch"
],
"details": "There is a possible input validation circumvention vulnerability in Active\nModel. This vulnerability has been assigned the CVE identifier CVE-2016-0753.\n\nVersions Affected: 4.1.0 and newer\nNot affected: 4.0.13 and older\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1\n\nImpact\n------\nCode that uses Active Model based models (including Active Record models) and\ndoes not validate user input before passing it to the model can be subject to\nan attack where specially crafted input will cause the model to skip\nvalidations.\n\nVulnerable code will look something like this:\n\n```ruby\nSomeModel.new(unverified_user_input)\n```\n\nRails users using Strong Parameters are generally not impacted by this issue\nas they are encouraged to whitelist parameters and must specifically opt-out\nof input verification using the `permit!` method to allow mass assignment.\n\nFor example, a vulnerable Rails application will have code that looks like\nthis:\n\n```ruby\ndef create\n params.permit! # allow all parameters\n @user = User.new params[:users]\nend\n```\n\nActive Model and Active Record objects are not equipped to handle arbitrary\nuser input. It is up to the application to verify input before passing it to\nActive Model models. Rails users already have Strong Parameters in place to\nhandle white listing, but applications using Active Model and Active Record\noutside of a Rails environment may be impacted.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are several workarounds depending on the application. Inside a Rails\napplication, stop using `permit!`. Outside a Rails application, either use\nHash#slice to select the parameters you need, or integrate Strong Parameters\nwith your application.\n\nPatches\n-------\nTo aid users who aren\u0027t able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 4-1-validation_skip.patch - Patch for 4.1 series\n* 4-2-validation_skip.patch - Patch for 4.2 series\n* 5-0-validation_skip.patch - Patch for 5.0 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\nThanks to:\n\n[John Backus](https://github.com/backus) from BlockScore for reporting this!\n",
"id": "GSD-2016-0753",
"modified": "2016-01-25T00:00:00.000Z",
"published": "2016-01-25T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 5.0,
"type": "CVSS_V2"
},
{
"score": 5.3,
"type": "CVSS_V3"
}
],
"summary": "Possible Input Validation Circumvention in Active Model"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/14"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ"
},
{
"name": "openSUSE-SU-2016:0372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "FEDORA-2016-94e71ee673",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
},
{
"name": "FEDORA-2016-73fe05d878",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"
},
{
"name": "FEDORA-2016-cc465a34df",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "1034816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "DSA-3464",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"name": "FEDORA-2016-eb4d6e8aab",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html"
},
{
"name": "FEDORA-2016-cb30088b06",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"
},
{
"name": "82247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82247"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2016-0753",
"cvss_v2": 5.0,
"cvss_v3": 5.3,
"date": "2016-01-25",
"description": "There is a possible input validation circumvention vulnerability in Active\nModel. This vulnerability has been assigned the CVE identifier CVE-2016-0753.\n\nVersions Affected: 4.1.0 and newer\nNot affected: 4.0.13 and older\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1\n\nImpact\n------\nCode that uses Active Model based models (including Active Record models) and\ndoes not validate user input before passing it to the model can be subject to\nan attack where specially crafted input will cause the model to skip\nvalidations.\n\nVulnerable code will look something like this:\n\n```ruby\nSomeModel.new(unverified_user_input)\n```\n\nRails users using Strong Parameters are generally not impacted by this issue\nas they are encouraged to whitelist parameters and must specifically opt-out\nof input verification using the `permit!` method to allow mass assignment.\n\nFor example, a vulnerable Rails application will have code that looks like\nthis:\n\n```ruby\ndef create\n params.permit! # allow all parameters\n @user = User.new params[:users]\nend\n```\n\nActive Model and Active Record objects are not equipped to handle arbitrary\nuser input. It is up to the application to verify input before passing it to\nActive Model models. Rails users already have Strong Parameters in place to\nhandle white listing, but applications using Active Model and Active Record\noutside of a Rails environment may be impacted.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are several workarounds depending on the application. Inside a Rails\napplication, stop using `permit!`. Outside a Rails application, either use\nHash#slice to select the parameters you need, or integrate Strong Parameters\nwith your application.\n\nPatches\n-------\nTo aid users who aren\u0027t able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 4-1-validation_skip.patch - Patch for 4.1 series\n* 4-2-validation_skip.patch - Patch for 4.2 series\n* 5-0-validation_skip.patch - Patch for 5.0 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\nThanks to:\n\n[John Backus](https://github.com/backus) from BlockScore for reporting this!\n",
"framework": "rails",
"gem": "activemodel",
"ghsa": "543v-gj2c-r3ch",
"patched_versions": [
"\u003e= 5.0.0.beta1.1",
"~\u003e 4.2.5, \u003e= 4.2.5.1",
"~\u003e 4.1.14, \u003e= 4.1.14.1"
],
"title": "Possible Input Validation Circumvention in Active Model",
"unaffected_versions": [
"\u003c= 4.0.13"
],
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=5.0.0.alpha \u003c5.0.0.beta1.1||\u003e=4.2.0.alpha \u003c4.2.5.1||\u003e=4.1.0.alpha \u003c4.1.14.1",
"affected_versions": "All versions starting from 5.0.0.alpha before 5.0.0.beta1.1, all versions starting from 4.2.0.alpha before 4.2.5.1, all versions starting from 4.1.0.alpha before 4.1.14.1",
"credit": "John Backus",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-08-08",
"description": "Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacted by this issue as they are encouraged to allow parameters and must specifically opt-out of input verification using the `permit!` method to allow mass assignment. ",
"fixed_versions": [
"4.1.14.1",
"4.2.5.1",
"5.0.0.beta1.1"
],
"identifier": "CVE-2016-0753",
"identifiers": [
"CVE-2016-0753"
],
"not_impacted": "4.0.x and older",
"package_slug": "gem/activemodel",
"pubdate": "2016-02-15",
"solution": "Upgrade to latest, apply patches or use workaround. See provided link.",
"title": "Possible Input Validation Circumvention",
"urls": [
"https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ"
],
"uuid": "14fff4ba-142e-4bfc-ba9c-3c6c497218a3"
},
{
"affected_range": "\u003e=4.0.0 \u003c=5.0.0",
"affected_versions": "All versions starting from 4.0.0 up to 5.0.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-08-08",
"description": "The Rails gem supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.",
"fixed_versions": [
"5.0.1"
],
"identifier": "CVE-2016-0753",
"identifiers": [
"CVE-2016-0753"
],
"not_impacted": "All versions before 4.0.0, all versions after 5.0.0",
"package_slug": "gem/rails",
"pubdate": "2016-02-16",
"solution": "Upgrade to versions 5.0.1 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2016-0753"
],
"uuid": "dbb908e7-6b6d-4769-ba23-b4451562c77d"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.14.1",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.5.1",
"versionStartIncluding": "4.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0753"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"refsource": "MLIST",
"tags": [
"Broken Link"
],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ"
},
{
"name": "[oss-security] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/14"
},
{
"name": "82247",
"refsource": "BID",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/82247"
},
{
"name": "FEDORA-2016-73fe05d878",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "FEDORA-2016-94e71ee673",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
},
{
"name": "FEDORA-2016-cb30088b06",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"
},
{
"name": "RHSA-2016:0296",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"name": "FEDORA-2016-cc465a34df",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"
},
{
"name": "FEDORA-2016-eb4d6e8aab",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html"
},
{
"name": "openSUSE-SU-2016:0372",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "DSA-3464",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "1034816",
"refsource": "SECTRACK",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034816"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-05-19T16:36Z",
"publishedDate": "2016-02-16T02:59Z"
}
}
}
ghsa-543v-gj2c-r3ch
Vulnerability from github
Published
2017-10-24 18:33
Modified
2023-06-30 21:32
Severity ?
Summary
activemodel contains Improper Input Validation
Details
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.14.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "activemodel"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.14.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.5.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "activemodel"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-0753"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:59:56Z",
"nvd_published_at": "2016-02-16T02:59:07Z",
"severity": "MODERATE"
},
"details": "Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.",
"id": "GHSA-543v-gj2c-r3ch",
"modified": "2023-06-30T21:32:03Z",
"published": "2017-10-24T18:33:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0753"
},
{
"type": "PACKAGE",
"url": "https://github.com/rails/rails"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "activemodel contains Improper Input Validation"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.