rhsa-2014_0215
Vulnerability from csaf_redhat
Published
2014-03-11 16:56
Modified
2024-11-22 07:31
Summary
Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Notes

Topic
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2013-4164) It was found that Red Hat CloudForms Management Engine did not properly sanitize user-supplied values in the ServiceController. A remote attacker could invoke arbitrary method calls in the application controller that, due to a lack of sanitization, could allow access to private methods that could possibly allow the attacker to execute arbitrary code on the host system. (CVE-2014-0057) It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user as parameters to the affected helpers. (CVE-2014-0081) A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected. (CVE-2014-0082) Red Hat would like to thank the Ruby on Rails Project for reporting CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered by Jan Rusnacko of the Red Hat Product Security Team. This update fixes several bugs and adds multiple enhancements. Documentation for these changes will be available shortly from the Red Hat CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the References section. All users of Red Hat CloudForms are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated cfme packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat CloudForms 3.0.\n\nThe Red Hat Security Response Team has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation enterprises need to address the challenges of managing virtual\nenvironments, which are far more complex than physical ones. This\ntechnology enables enterprises with existing virtual infrastructures\nto improve visibility and control, and those just starting virtualization\ndeployments to build and operate a well-managed virtual infrastructure.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\nsanitize user-supplied values in the ServiceController. A remote attacker\ncould invoke arbitrary method calls in the application controller that, due\nto a lack of sanitization, could allow access to private methods that could\npossibly allow the attacker to execute arbitrary code on the host system.\n(CVE-2014-0057)\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers.\n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected.\n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting\nCVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as\nthe original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the\noriginal reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered\nby Jan Rusnacko of the Red Hat Product Security Team.\n\nThis update fixes several bugs and adds multiple enhancements.\nDocumentation for these changes will be available shortly from the Red Hat\nCloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the\nReferences section.\n\nAll users of Red Hat CloudForms are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and add\nthese enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0215",
        "url": "https://access.redhat.com/errata/RHSA-2014:0215"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html",
        "url": "https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "1033460",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
      },
      {
        "category": "external",
        "summary": "1064140",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
      },
      {
        "category": "external",
        "summary": "1065520",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
      },
      {
        "category": "external",
        "summary": "1065538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0215.json"
      }
    ],
    "title": "Red Hat Security Advisory: cfme security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T07:31:55+00:00",
      "generator": {
        "date": "2024-11-22T07:31:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2014:0215",
      "initial_release_date": "2014-03-11T16:56:48+00:00",
      "revision_history": [
        {
          "date": "2014-03-11T16:56:48+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-03-11T16:56:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:31:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Management Engine",
                "product": {
                  "name": "Management Engine",
                  "product_id": "6Server-CFME",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat CloudForms"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
                  "product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
                  "product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
                  "product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
                  "product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
                  "product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
                  "product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
                  "product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
                "product": {
                  "name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
                  "product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
                "product": {
                  "name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
                  "product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.2.2.3-1.el6cf.src",
                "product": {
                  "name": "cfme-0:5.2.2.3-1.el6cf.src",
                  "product_id": "cfme-0:5.2.2.3-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
                "product": {
                  "name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
                  "product_id": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri@1.5.6-3.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
                "product": {
                  "name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
                  "product_id": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-nokogiri-debuginfo@1.5.6-3.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
                  "product_id": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-libs@1.9.3.448-40.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
                  "product_id": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-devel@1.9.3.448-40.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
                  "product_id": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.448-40.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
                  "product_id": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-tcltk@1.9.3.448-40.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
                  "product_id": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-debuginfo@1.9.3.448-40.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
                "product": {
                  "name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
                  "product_id": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-io-console@0.3-40.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
                "product": {
                  "name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
                  "product_id": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-bigdecimal@1.1.0-40.1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-0:5.2.2.3-1.el6cf.x86_64",
                  "product_id": "cfme-0:5.2.2.3-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.2.2.3-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
                  "product_id": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-appliance@5.2.2.3-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
                  "product_id": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-lib@5.2.2.3-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
                "product": {
                  "name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
                  "product_id": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-debuginfo@5.2.2.3-1.el6cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
                "product": {
                  "name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
                  "product_id": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mingw32-cfme-host@5.2.2.3-1.el6cf?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
                  "product_id": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-excon@0.31.0-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
                  "product_id": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-bunny-doc@1.0.7-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
                  "product_id": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-bunny@1.0.7-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
                  "product_id": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-fog@1.19.0-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
                  "product_id": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-more_core_extensions@1.1.2-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
                  "product_id": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-linux_admin@0.7.0-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
                  "product_id": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.13-5.el6cf?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
                  "product_id": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol@1.9.2-3.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
                "product": {
                  "name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
                  "product_id": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-amq-protocol-doc@1.9.2-3.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
                "product": {
                  "name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
                  "product_id": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygems-devel@1.8.23-40.1.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
                "product": {
                  "name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
                  "product_id": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygems@1.8.23-40.1.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
                "product": {
                  "name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
                  "product_id": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-irb@1.9.3.448-40.1.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.2.2.3-1.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src"
        },
        "product_reference": "cfme-0:5.2.2.3-1.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64"
        },
        "product_reference": "cfme-0:5.2.2.3-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64"
        },
        "product_reference": "cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64"
        },
        "product_reference": "cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64"
        },
        "product_reference": "cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64"
        },
        "product_reference": "mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-0:1.9.3.448-40.1.el6.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src"
        },
        "product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch"
        },
        "product_reference": "ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch"
        },
        "product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src"
        },
        "product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64"
        },
        "product_reference": "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64 as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64"
        },
        "product_reference": "ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch"
        },
        "product_reference": "ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
        "relates_to_product_reference": "6Server-CFME"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch as a component of Management Engine",
          "product_id": "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
        },
        "product_reference": "ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch",
        "relates_to_product_reference": "6Server-CFME"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "David Jorm"
          ],
          "organization": "Red Hat Security Response Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2013-0186",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2013-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "895346"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "EVM: Stored XSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
          "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
          "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-0186"
        },
        {
          "category": "external",
          "summary": "RHBZ#895346",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895346"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-0186"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0186"
        }
      ],
      "release_date": "2014-03-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-03-11T16:56:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0215"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "EVM: Stored XSS"
    },
    {
      "cve": "CVE-2013-4164",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2013-11-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1033460"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ruby: heap overflow in floating point parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
          "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
          "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-4164"
        },
        {
          "category": "external",
          "summary": "RHBZ#1033460",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4164"
        }
      ],
      "release_date": "2013-11-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-03-11T16:56:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0215"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "ruby: heap overflow in floating point parsing"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jan Rusnacko"
          ],
          "organization": "Red Hat Product Security Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2014-0057",
      "cwe": {
        "id": "CWE-470",
        "name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
      },
      "discovery_date": "2014-02-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1064140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CFME: Dangerous send in ServiceController",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
          "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
          "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0057"
        },
        {
          "category": "external",
          "summary": "RHBZ#1064140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0057"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0057"
        }
      ],
      "release_date": "2014-03-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-03-11T16:56:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0215"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "CFME: Dangerous send in ServiceController"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ruby on Rails Project"
          ]
        },
        {
          "names": [
            "Kevin Reintjes"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0081",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2014-02-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065520"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
          "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
          "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065520",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
        }
      ],
      "release_date": "2014-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-03-11T16:56:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0215"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ruby on Rails Project"
          ]
        },
        {
          "names": [
            "Toby Hsieh"
          ],
          "organization": "SlideShare",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0082",
      "discovery_date": "2014-02-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1065538"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: Action View string handling denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
          "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
          "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
          "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
          "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
          "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
          "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
          "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0082"
        },
        {
          "category": "external",
          "summary": "RHBZ#1065538",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0082",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082"
        }
      ],
      "release_date": "2014-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-03-11T16:56:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0215"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.src",
            "6Server-CFME:cfme-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-appliance-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-debuginfo-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:cfme-lib-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:mingw32-cfme-host-0:5.2.2.3-1.el6cf.x86_64",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.src",
            "6Server-CFME:ruby193-ruby-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-devel-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-irb-0:1.9.3.448-40.1.el6.noarch",
            "6Server-CFME:ruby193-ruby-libs-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-actionpack-1:3.2.13-5.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-bunny-0:1.0.7-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-excon-0:0.31.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-fog-0:1.19.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-io-console-0:0.3-40.1.el6.x86_64",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.noarch",
            "6Server-CFME:ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.src",
            "6Server-CFME:ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf.x86_64",
            "6Server-CFME:ruby193-rubygems-0:1.8.23-40.1.el6.noarch",
            "6Server-CFME:ruby193-rubygems-devel-0:1.8.23-40.1.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-actionpack: Action View string handling denial of service"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.