Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-7819 (GCVE-0-2014-7819)
Vulnerability from cvelistv5
Published
2014-11-08 11:00
Modified
2024-08-06 13:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1504",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"
},
{
"name": "openSUSE-SU-2014:1514",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"
},
{
"name": "[rubyonrails-security] 20141030 [AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"
},
{
"name": "openSUSE-SU-2014:1502",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"
},
{
"name": "openSUSE-SU-2014:1513",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"
},
{
"name": "[rubyonrails-security] 20141030 Arbitrary file existence disclosure in Sprockets (CVE-2014-7819)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-01T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2014:1504",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"
},
{
"name": "openSUSE-SU-2014:1514",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"
},
{
"name": "[rubyonrails-security] 20141030 [AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"
},
{
"name": "openSUSE-SU-2014:1502",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"
},
{
"name": "openSUSE-SU-2014:1513",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"
},
{
"name": "[rubyonrails-security] 20141030 Arbitrary file existence disclosure in Sprockets (CVE-2014-7819)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-7819",
"datePublished": "2014-11-08T11:00:00",
"dateReserved": "2014-10-03T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-7819\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-11-08T11:55:03.023\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de salto de directorio en server.rb en Sprockets anterior a 2.0.5, 2.1.x anterior a 2.1.4, 2.2.x anterior a 2.2.3, 2.3.x anterior a 2.3.3, 2.4.x anterior a 2.4.6, 2.5.x anterior a 2.5.1, 2.6.x y 2.7.x anterior a 2.7.1, 2.8.x anterior a 2.8.3, 2.9.x anterior a 2.9.4, 2.10.x anterior a 2.10.2, 2.11.x anterior a 2.11.3, 2.12.x anterior a 2.12.3, y 3.x anterior a 3.0.0.beta.3, distribuido con Ruby on Rails 3.x y 4.x, permiten a atacantes remotos determinar la existencia de ficheros fuera del root de la aplicaci\u00f3n a trav\u00e9s de una secuencia ../ (punto punto barra) con (1) barras dobles o (2) codificaci\u00f3n de URL.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.5\",\"matchCriteriaId\":\"36F5A38C-B51C-4455-80B2-3FA89022C72B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.1.4\",\"matchCriteriaId\":\"B8177C76-1C51-41E2-9647-107A76D9A9C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.3\",\"matchCriteriaId\":\"328E446A-05ED-4B23-9027-BC43A529C1AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.3\",\"matchCriteriaId\":\"659F0437-C16E-422C-89A8-448EDA78F48E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.6\",\"matchCriteriaId\":\"02AFF247-E71C-4C01-AB2A-EAF1CF171AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndExcluding\":\"2.5.1\",\"matchCriteriaId\":\"50BAFDB7-A9B8-42E7-BC49-0D38DBC1E527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.1\",\"matchCriteriaId\":\"DDDE474C-2C05-4D15-B24F-82635B7FD896\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.3\",\"matchCriteriaId\":\"4D4C63A3-F044-49CD-8D72-D8614C359250\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.4\",\"matchCriteriaId\":\"7774FEE9-5ED9-4976-B363-38D838B8BA57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.10.0\",\"versionEndExcluding\":\"2.10.2\",\"matchCriteriaId\":\"7660A259-00F1-4CB6-AAE6-85D769DB4A64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.11.0\",\"versionEndExcluding\":\"2.11.3\",\"matchCriteriaId\":\"70228E9F-071E-45B6-9FBA-FE85DB04806E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.12.0\",\"versionEndExcluding\":\"2.12.3\",\"matchCriteriaId\":\"EA983B03-4446-4FE4-8EC7-DAFC9498CE6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8632528E-DF46-47BC-A229-E773D0CA4EC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E99F6172-6BF6-4FD1-BA63-1A9A0244FBD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D71F8E-38B6-4E96-B745-3D19DC64504D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
suse-su-2015:0787-1
Vulnerability from csaf_suse
Published
2015-04-09 18:13
Modified
2015-04-09 18:13
Summary
Security update for rubygem-sprockets-2_11
Notes
Title of the patch
Security update for rubygem-sprockets-2_11
Description of the patch
This update for rubygem-sprockets-2_11 provides the following security fix:
* Arbitrary file existence disclosure (bnc#903658, CVE-2014-7819)
Security Issues:
* CVE-2014-7819
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819>
Patchnames
sleclo50sp3-ruby2.1-rubygem-sprockets-2_11
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-sprockets-2_11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for rubygem-sprockets-2_11 provides the following security fix:\n\n * Arbitrary file existence disclosure (bnc#903658, CVE-2014-7819)\n\nSecurity Issues:\n\n * CVE-2014-7819\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819\u003e\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleclo50sp3-ruby2.1-rubygem-sprockets-2_11",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0787-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:0787-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150787-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:0787-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-April/001362.html"
},
{
"category": "self",
"summary": "SUSE Bug 903658",
"url": "https://bugzilla.suse.com/903658"
},
{
"category": "self",
"summary": "SUSE Bug 926549",
"url": "https://bugzilla.suse.com/926549"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7819 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7819/"
}
],
"title": "Security update for rubygem-sprockets-2_11",
"tracking": {
"current_release_date": "2015-04-09T18:13:42Z",
"generator": {
"date": "2015-04-09T18:13:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:0787-1",
"initial_release_date": "2015-04-09T18:13:42Z",
"revision_history": [
{
"date": "2015-04-09T18:13:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-sprockets-2_11-2.11.0-0.9.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sprockets-2_11-2.11.0-0.9.1.x86_64",
"product_id": "ruby2.1-rubygem-sprockets-2_11-2.11.0-0.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 5",
"product": {
"name": "SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-sprockets-2_11-2.11.0-0.9.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:ruby2.1-rubygem-sprockets-2_11-2.11.0-0.9.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-sprockets-2_11-2.11.0-0.9.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-7819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7819"
}
],
"notes": [
{
"category": "general",
"text": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-sprockets-2_11-2.11.0-0.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7819",
"url": "https://www.suse.com/security/cve/CVE-2014-7819"
},
{
"category": "external",
"summary": "SUSE Bug 903658 for CVE-2014-7819",
"url": "https://bugzilla.suse.com/903658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-sprockets-2_11-2.11.0-0.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-04-09T18:13:42Z",
"details": "low"
}
],
"title": "CVE-2014-7819"
}
]
}
suse-su-2015:0863-1
Vulnerability from csaf_suse
Published
2015-05-05 23:49
Modified
2015-05-05 23:49
Summary
Security update for SUSE Studio
Notes
Title of the patch
Security update for SUSE Studio
Description of the patch
This update provides SUSE Studio 1.3.10, including Amazon's EC2 support for
SUSE Linux Enterprise 12 appliances.
Additionally, the update includes fixes for the following issues:
* #904372 - Arbitrary file existence disclosure in sprockets gem
(CVE-2014-7819)
* #904375 - Arbitrary file existence disclosure in Action Pack gem
(CVE-2014-7818)
* #918203 - Arbitrary file existence disclosure in Studio Onsite
(CVE-2014-7829)
* #852794 - SLES 11-SP3 templates fail to build x86_64 EC2 images
* #914765 - Change of appliance name is not displayed in appliance's
change log
* #887893 - Change log not accessible via API
* #918239 - Failure to create new appliances after upgrade to Studio
Onsite 1.3.9
* #918395 - Remove 32bit as target for building EC2 appliances
* #912512 - Studio doesn't allow duplicated repositories
* #880078 - Studio packages contain files that get modified (by Studio)
after installation.
* #919037 - Can't open appliance on Gallery: undefined
restructure_unsupportable_packages method.
Security Issues:
* CVE-2014-7819
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819>
* CVE-2014-7818
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818>
* CVE-2014-7829
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829>
Patchnames
slestso13-susestudio-1310-201502
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Studio",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update provides SUSE Studio 1.3.10, including Amazon\u0027s EC2 support for \nSUSE Linux Enterprise 12 appliances.\n\nAdditionally, the update includes fixes for the following issues:\n\n * #904372 - Arbitrary file existence disclosure in sprockets gem\n (CVE-2014-7819)\n * #904375 - Arbitrary file existence disclosure in Action Pack gem\n (CVE-2014-7818)\n * #918203 - Arbitrary file existence disclosure in Studio Onsite\n (CVE-2014-7829)\n * #852794 - SLES 11-SP3 templates fail to build x86_64 EC2 images\n * #914765 - Change of appliance name is not displayed in appliance\u0027s\n change log\n * #887893 - Change log not accessible via API\n * #918239 - Failure to create new appliances after upgrade to Studio\n Onsite 1.3.9\n * #918395 - Remove 32bit as target for building EC2 appliances\n * #912512 - Studio doesn\u0027t allow duplicated repositories\n * #880078 - Studio packages contain files that get modified (by Studio)\n after installation.\n * #919037 - Can\u0027t open appliance on Gallery: undefined\n restructure_unsupportable_packages method.\n\nSecurity Issues:\n\n * CVE-2014-7819\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819\u003e\n * CVE-2014-7818\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818\u003e\n * CVE-2014-7829\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829\u003e\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slestso13-susestudio-1310-201502",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0863-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:0863-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150863-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:0863-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-May/001377.html"
},
{
"category": "self",
"summary": "SUSE Bug 852794",
"url": "https://bugzilla.suse.com/852794"
},
{
"category": "self",
"summary": "SUSE Bug 876313",
"url": "https://bugzilla.suse.com/876313"
},
{
"category": "self",
"summary": "SUSE Bug 880078",
"url": "https://bugzilla.suse.com/880078"
},
{
"category": "self",
"summary": "SUSE Bug 887893",
"url": "https://bugzilla.suse.com/887893"
},
{
"category": "self",
"summary": "SUSE Bug 904372",
"url": "https://bugzilla.suse.com/904372"
},
{
"category": "self",
"summary": "SUSE Bug 904375",
"url": "https://bugzilla.suse.com/904375"
},
{
"category": "self",
"summary": "SUSE Bug 912512",
"url": "https://bugzilla.suse.com/912512"
},
{
"category": "self",
"summary": "SUSE Bug 914765",
"url": "https://bugzilla.suse.com/914765"
},
{
"category": "self",
"summary": "SUSE Bug 918203",
"url": "https://bugzilla.suse.com/918203"
},
{
"category": "self",
"summary": "SUSE Bug 918239",
"url": "https://bugzilla.suse.com/918239"
},
{
"category": "self",
"summary": "SUSE Bug 918395",
"url": "https://bugzilla.suse.com/918395"
},
{
"category": "self",
"summary": "SUSE Bug 919037",
"url": "https://bugzilla.suse.com/919037"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7818 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7819 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7829 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7829/"
}
],
"title": "Security update for SUSE Studio",
"tracking": {
"current_release_date": "2015-05-05T23:49:58Z",
"generator": {
"date": "2015-05-05T23:49:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:0863-1",
"initial_release_date": "2015-05-05T23:49:58Z",
"revision_history": [
{
"date": "2015-05-05T23:49:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64",
"product": {
"name": "Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64",
"product_id": "Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-1.3.10-0.17.45.x86_64",
"product": {
"name": "susestudio-1.3.10-0.17.45.x86_64",
"product_id": "susestudio-1.3.10-0.17.45.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-bundled-packages-1.3.10-0.17.45.x86_64",
"product": {
"name": "susestudio-bundled-packages-1.3.10-0.17.45.x86_64",
"product_id": "susestudio-bundled-packages-1.3.10-0.17.45.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-common-1.3.10-0.17.45.x86_64",
"product": {
"name": "susestudio-common-1.3.10-0.17.45.x86_64",
"product_id": "susestudio-common-1.3.10-0.17.45.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-runner-1.3.10-0.17.45.x86_64",
"product": {
"name": "susestudio-runner-1.3.10-0.17.45.x86_64",
"product_id": "susestudio-runner-1.3.10-0.17.45.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-sid-1.3.10-0.17.45.x86_64",
"product": {
"name": "susestudio-sid-1.3.10-0.17.45.x86_64",
"product_id": "susestudio-sid-1.3.10-0.17.45.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-ui-server-1.3.10-0.17.45.x86_64",
"product": {
"name": "susestudio-ui-server-1.3.10-0.17.45.x86_64",
"product_id": "susestudio-ui-server-1.3.10-0.17.45.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64"
},
"product_reference": "Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-1.3.10-0.17.45.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-1.3.10-0.17.45.x86_64"
},
"product_reference": "susestudio-1.3.10-0.17.45.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-bundled-packages-1.3.10-0.17.45.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.10-0.17.45.x86_64"
},
"product_reference": "susestudio-bundled-packages-1.3.10-0.17.45.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-common-1.3.10-0.17.45.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-common-1.3.10-0.17.45.x86_64"
},
"product_reference": "susestudio-common-1.3.10-0.17.45.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-runner-1.3.10-0.17.45.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-runner-1.3.10-0.17.45.x86_64"
},
"product_reference": "susestudio-runner-1.3.10-0.17.45.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-sid-1.3.10-0.17.45.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-sid-1.3.10-0.17.45.x86_64"
},
"product_reference": "susestudio-sid-1.3.10-0.17.45.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-ui-server-1.3.10-0.17.45.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.10-0.17.45.x86_64"
},
"product_reference": "susestudio-ui-server-1.3.10-0.17.45.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-7818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7818"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Studio Onsite 1.3:Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64",
"SUSE Studio Onsite 1.3:susestudio-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.10-0.17.45.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7818",
"url": "https://www.suse.com/security/cve/CVE-2014-7818"
},
{
"category": "external",
"summary": "SUSE Bug 903662 for CVE-2014-7818",
"url": "https://bugzilla.suse.com/903662"
},
{
"category": "external",
"summary": "SUSE Bug 905727 for CVE-2014-7818",
"url": "https://bugzilla.suse.com/905727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Studio Onsite 1.3:Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64",
"SUSE Studio Onsite 1.3:susestudio-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.10-0.17.45.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-05-05T23:49:58Z",
"details": "low"
}
],
"title": "CVE-2014-7818"
},
{
"cve": "CVE-2014-7819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7819"
}
],
"notes": [
{
"category": "general",
"text": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Studio Onsite 1.3:Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64",
"SUSE Studio Onsite 1.3:susestudio-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.10-0.17.45.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7819",
"url": "https://www.suse.com/security/cve/CVE-2014-7819"
},
{
"category": "external",
"summary": "SUSE Bug 903658 for CVE-2014-7819",
"url": "https://bugzilla.suse.com/903658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Studio Onsite 1.3:Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64",
"SUSE Studio Onsite 1.3:susestudio-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.10-0.17.45.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-05-05T23:49:58Z",
"details": "low"
}
],
"title": "CVE-2014-7819"
},
{
"cve": "CVE-2014-7829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7829"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \\ (backslash) character, a similar issue to CVE-2014-7818.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Studio Onsite 1.3:Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64",
"SUSE Studio Onsite 1.3:susestudio-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.10-0.17.45.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7829",
"url": "https://www.suse.com/security/cve/CVE-2014-7829"
},
{
"category": "external",
"summary": "SUSE Bug 905727 for CVE-2014-7829",
"url": "https://bugzilla.suse.com/905727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Studio Onsite 1.3:Containment-Studio-SLE11_SP3-5.05.81-20150505234825.x86_64",
"SUSE Studio Onsite 1.3:susestudio-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.10-0.17.45.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.10-0.17.45.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-05-05T23:49:58Z",
"details": "moderate"
}
],
"title": "CVE-2014-7829"
}
]
}
rhba-2015:1100
Vulnerability from csaf_redhat
Published
2015-06-16 12:28
Modified
2025-07-29 18:34
Summary
Red Hat Bug Fix Advisory: CFME 5.4.0 bug fixes, and enhancement update
Notes
Topic
Updated cfme packages that fix several bugs, and add various enhancements are now available for Red Hat CloudForms 3.2.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.
This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available in the Release Notes and Technical Notes documents linked to in the References section.
All cfme users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated cfme packages that fix several bugs, and add various enhancements are now available for Red Hat CloudForms 3.2.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation needed to address the challenges of managing virtual\nenvironments. CloudForms Management Engine is built on Ruby on Rails, a\nmodel-view-controller (MVC) framework for web application development.\nAction Pack implements the controller and the view components.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available in the Release Notes and Technical Notes documents linked to in the References section.\n\nAll cfme users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2015:1100",
"url": "https://access.redhat.com/errata/RHBA-2015:1100"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_CloudForms/3.2/html/Release_Notes/index.html",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_CloudForms/3.2/html/Release_Notes/index.html"
},
{
"category": "external",
"summary": "1146178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1146178"
},
{
"category": "external",
"summary": "1160890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160890"
},
{
"category": "external",
"summary": "1161248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161248"
},
{
"category": "external",
"summary": "1161253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161253"
},
{
"category": "external",
"summary": "1161322",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161322"
},
{
"category": "external",
"summary": "1161701",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161701"
},
{
"category": "external",
"summary": "1161744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161744"
},
{
"category": "external",
"summary": "1163382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163382"
},
{
"category": "external",
"summary": "1163465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163465"
},
{
"category": "external",
"summary": "1163468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163468"
},
{
"category": "external",
"summary": "1163469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163469"
},
{
"category": "external",
"summary": "1163472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163472"
},
{
"category": "external",
"summary": "1163661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163661"
},
{
"category": "external",
"summary": "1163952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163952"
},
{
"category": "external",
"summary": "1163978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163978"
},
{
"category": "external",
"summary": "1164033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164033"
},
{
"category": "external",
"summary": "1164386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164386"
},
{
"category": "external",
"summary": "1164764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164764"
},
{
"category": "external",
"summary": "1166187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166187"
},
{
"category": "external",
"summary": "1166198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166198"
},
{
"category": "external",
"summary": "1166303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166303"
},
{
"category": "external",
"summary": "1166328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166328"
},
{
"category": "external",
"summary": "1166861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166861"
},
{
"category": "external",
"summary": "1167110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167110"
},
{
"category": "external",
"summary": "1167308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167308"
},
{
"category": "external",
"summary": "1167410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167410"
},
{
"category": "external",
"summary": "1168337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168337"
},
{
"category": "external",
"summary": "1168345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168345"
},
{
"category": "external",
"summary": "1169351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169351"
},
{
"category": "external",
"summary": "1169502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169502"
},
{
"category": "external",
"summary": "1169930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169930"
},
{
"category": "external",
"summary": "1169937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169937"
},
{
"category": "external",
"summary": "1170319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170319"
},
{
"category": "external",
"summary": "1170358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170358"
},
{
"category": "external",
"summary": "1170813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170813"
},
{
"category": "external",
"summary": "1171167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1171167"
},
{
"category": "external",
"summary": "1171286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1171286"
},
{
"category": "external",
"summary": "1171577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1171577"
},
{
"category": "external",
"summary": "1171589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1171589"
},
{
"category": "external",
"summary": "1171738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1171738"
},
{
"category": "external",
"summary": "1171780",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1171780"
},
{
"category": "external",
"summary": "1172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172298"
},
{
"category": "external",
"summary": "1173213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173213"
},
{
"category": "external",
"summary": "1173216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173216"
},
{
"category": "external",
"summary": "1173251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173251"
},
{
"category": "external",
"summary": "1173336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173336"
},
{
"category": "external",
"summary": "1173712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173712"
},
{
"category": "external",
"summary": "1174855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174855"
},
{
"category": "external",
"summary": "1174881",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174881"
},
{
"category": "external",
"summary": "1176280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176280"
},
{
"category": "external",
"summary": "1176619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176619"
},
{
"category": "external",
"summary": "1176689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176689"
},
{
"category": "external",
"summary": "1176721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176721"
},
{
"category": "external",
"summary": "1177015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177015"
},
{
"category": "external",
"summary": "1177809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177809"
},
{
"category": "external",
"summary": "1178078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178078"
},
{
"category": "external",
"summary": "1178697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178697"
},
{
"category": "external",
"summary": "1178729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178729"
},
{
"category": "external",
"summary": "1179503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179503"
},
{
"category": "external",
"summary": "1179797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179797"
},
{
"category": "external",
"summary": "1186502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186502"
},
{
"category": "external",
"summary": "1186911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186911"
},
{
"category": "external",
"summary": "1179807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179807"
},
{
"category": "external",
"summary": "1179907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179907"
},
{
"category": "external",
"summary": "1179908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179908"
},
{
"category": "external",
"summary": "1179958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179958"
},
{
"category": "external",
"summary": "1180313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180313"
},
{
"category": "external",
"summary": "1180649",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180649"
},
{
"category": "external",
"summary": "1180746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180746"
},
{
"category": "external",
"summary": "1181429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181429"
},
{
"category": "external",
"summary": "1181768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181768"
},
{
"category": "external",
"summary": "1182329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182329"
},
{
"category": "external",
"summary": "1182330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182330"
},
{
"category": "external",
"summary": "1182654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182654"
},
{
"category": "external",
"summary": "1182795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182795"
},
{
"category": "external",
"summary": "1183757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183757"
},
{
"category": "external",
"summary": "1184250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184250"
},
{
"category": "external",
"summary": "1184267",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184267"
},
{
"category": "external",
"summary": "1184343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184343"
},
{
"category": "external",
"summary": "1184465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184465"
},
{
"category": "external",
"summary": "1184575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184575"
},
{
"category": "external",
"summary": "1184637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184637"
},
{
"category": "external",
"summary": "1184990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184990"
},
{
"category": "external",
"summary": "1185042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185042"
},
{
"category": "external",
"summary": "1186364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186364"
},
{
"category": "external",
"summary": "1186413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186413"
},
{
"category": "external",
"summary": "1186485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186485"
},
{
"category": "external",
"summary": "1187233",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187233"
},
{
"category": "external",
"summary": "1187836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187836"
},
{
"category": "external",
"summary": "1188401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188401"
},
{
"category": "external",
"summary": "1188427",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188427"
},
{
"category": "external",
"summary": "1188436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188436"
},
{
"category": "external",
"summary": "1188585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188585"
},
{
"category": "external",
"summary": "1188597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188597"
},
{
"category": "external",
"summary": "1188798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188798"
},
{
"category": "external",
"summary": "1190054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190054"
},
{
"category": "external",
"summary": "1190211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190211"
},
{
"category": "external",
"summary": "1190260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190260"
},
{
"category": "external",
"summary": "1190293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190293"
},
{
"category": "external",
"summary": "1190564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190564"
},
{
"category": "external",
"summary": "1190565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190565"
},
{
"category": "external",
"summary": "1190584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190584"
},
{
"category": "external",
"summary": "1190603",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190603"
},
{
"category": "external",
"summary": "1190667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190667"
},
{
"category": "external",
"summary": "1190672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190672"
},
{
"category": "external",
"summary": "1190852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190852"
},
{
"category": "external",
"summary": "1190855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190855"
},
{
"category": "external",
"summary": "1191197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191197"
},
{
"category": "external",
"summary": "1191279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191279"
},
{
"category": "external",
"summary": "1191468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191468"
},
{
"category": "external",
"summary": "1191489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191489"
},
{
"category": "external",
"summary": "1191496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191496"
},
{
"category": "external",
"summary": "1191585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191585"
},
{
"category": "external",
"summary": "1192039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192039"
},
{
"category": "external",
"summary": "1192198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192198"
},
{
"category": "external",
"summary": "1192223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192223"
},
{
"category": "external",
"summary": "1192409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192409"
},
{
"category": "external",
"summary": "1192518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192518"
},
{
"category": "external",
"summary": "1192562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192562"
},
{
"category": "external",
"summary": "1193183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193183"
},
{
"category": "external",
"summary": "1193522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193522"
},
{
"category": "external",
"summary": "1193615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193615"
},
{
"category": "external",
"summary": "1193847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193847"
},
{
"category": "external",
"summary": "1194223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194223"
},
{
"category": "external",
"summary": "1194242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194242"
},
{
"category": "external",
"summary": "1194319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194319"
},
{
"category": "external",
"summary": "1194479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194479"
},
{
"category": "external",
"summary": "1195407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195407"
},
{
"category": "external",
"summary": "1198814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198814"
},
{
"category": "external",
"summary": "1195754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195754"
},
{
"category": "external",
"summary": "1195832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195832"
},
{
"category": "external",
"summary": "1195877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195877"
},
{
"category": "external",
"summary": "1196369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196369"
},
{
"category": "external",
"summary": "1196384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196384"
},
{
"category": "external",
"summary": "1196851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196851"
},
{
"category": "external",
"summary": "1196852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196852"
},
{
"category": "external",
"summary": "1197067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197067"
},
{
"category": "external",
"summary": "1198111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198111"
},
{
"category": "external",
"summary": "1198594",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198594"
},
{
"category": "external",
"summary": "1198735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198735"
},
{
"category": "external",
"summary": "1198867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198867"
},
{
"category": "external",
"summary": "1199240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199240"
},
{
"category": "external",
"summary": "1199915",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199915"
},
{
"category": "external",
"summary": "1200424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1200424"
},
{
"category": "external",
"summary": "1200601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1200601"
},
{
"category": "external",
"summary": "1200757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1200757"
},
{
"category": "external",
"summary": "1200783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1200783"
},
{
"category": "external",
"summary": "1200854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1200854"
},
{
"category": "external",
"summary": "1200925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1200925"
},
{
"category": "external",
"summary": "1201092",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201092"
},
{
"category": "external",
"summary": "1201093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201093"
},
{
"category": "external",
"summary": "1201097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201097"
},
{
"category": "external",
"summary": "1201132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201132"
},
{
"category": "external",
"summary": "1201137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201137"
},
{
"category": "external",
"summary": "1201140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201140"
},
{
"category": "external",
"summary": "1201378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201378"
},
{
"category": "external",
"summary": "1201383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201383"
},
{
"category": "external",
"summary": "1201531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201531"
},
{
"category": "external",
"summary": "1201684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201684"
},
{
"category": "external",
"summary": "1201716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201716"
},
{
"category": "external",
"summary": "1201720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201720"
},
{
"category": "external",
"summary": "1201751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201751"
},
{
"category": "external",
"summary": "1201771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201771"
},
{
"category": "external",
"summary": "1201883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201883"
},
{
"category": "external",
"summary": "1201920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201920"
},
{
"category": "external",
"summary": "1201932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201932"
},
{
"category": "external",
"summary": "1202195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202195"
},
{
"category": "external",
"summary": "1202216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202216"
},
{
"category": "external",
"summary": "1202229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202229"
},
{
"category": "external",
"summary": "1202394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202394"
},
{
"category": "external",
"summary": "1202412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202412"
},
{
"category": "external",
"summary": "1202415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202415"
},
{
"category": "external",
"summary": "1202427",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202427"
},
{
"category": "external",
"summary": "1202465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202465"
},
{
"category": "external",
"summary": "1202478",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202478"
},
{
"category": "external",
"summary": "1202491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202491"
},
{
"category": "external",
"summary": "1202543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202543"
},
{
"category": "external",
"summary": "1202648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202648"
},
{
"category": "external",
"summary": "1202655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202655"
},
{
"category": "external",
"summary": "1202660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202660"
},
{
"category": "external",
"summary": "1202681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202681"
},
{
"category": "external",
"summary": "1202816",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202816"
},
{
"category": "external",
"summary": "1203003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203003"
},
{
"category": "external",
"summary": "1203168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203168"
},
{
"category": "external",
"summary": "1203184",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203184"
},
{
"category": "external",
"summary": "1203207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203207"
},
{
"category": "external",
"summary": "1203301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203301"
},
{
"category": "external",
"summary": "1203426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203426"
},
{
"category": "external",
"summary": "1203442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203442"
},
{
"category": "external",
"summary": "1203547",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203547"
},
{
"category": "external",
"summary": "1203713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203713"
},
{
"category": "external",
"summary": "1204115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204115"
},
{
"category": "external",
"summary": "1204117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204117"
},
{
"category": "external",
"summary": "1204125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204125"
},
{
"category": "external",
"summary": "1204232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204232"
},
{
"category": "external",
"summary": "1204252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204252"
},
{
"category": "external",
"summary": "1204548",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204548"
},
{
"category": "external",
"summary": "1204599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204599"
},
{
"category": "external",
"summary": "1204629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204629"
},
{
"category": "external",
"summary": "1204635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204635"
},
{
"category": "external",
"summary": "1204899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204899"
},
{
"category": "external",
"summary": "1204912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204912"
},
{
"category": "external",
"summary": "1204943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204943"
},
{
"category": "external",
"summary": "1205137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205137"
},
{
"category": "external",
"summary": "1205213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205213"
},
{
"category": "external",
"summary": "1205235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205235"
},
{
"category": "external",
"summary": "1205247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205247"
},
{
"category": "external",
"summary": "1205347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205347"
},
{
"category": "external",
"summary": "1205386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205386"
},
{
"category": "external",
"summary": "1205407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205407"
},
{
"category": "external",
"summary": "1205453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205453"
},
{
"category": "external",
"summary": "1205496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205496"
},
{
"category": "external",
"summary": "1205779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205779"
},
{
"category": "external",
"summary": "1205898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205898"
},
{
"category": "external",
"summary": "1205918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205918"
},
{
"category": "external",
"summary": "1205919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205919"
},
{
"category": "external",
"summary": "1205920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205920"
},
{
"category": "external",
"summary": "1206016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206016"
},
{
"category": "external",
"summary": "1206022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206022"
},
{
"category": "external",
"summary": "1206023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206023"
},
{
"category": "external",
"summary": "1206028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206028"
},
{
"category": "external",
"summary": "1206122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206122"
},
{
"category": "external",
"summary": "1206124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206124"
},
{
"category": "external",
"summary": "1206141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206141"
},
{
"category": "external",
"summary": "1206142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206142"
},
{
"category": "external",
"summary": "1206204",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206204"
},
{
"category": "external",
"summary": "1206263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206263"
},
{
"category": "external",
"summary": "1206662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206662"
},
{
"category": "external",
"summary": "1206672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206672"
},
{
"category": "external",
"summary": "1206675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206675"
},
{
"category": "external",
"summary": "1206687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206687"
},
{
"category": "external",
"summary": "1206727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206727"
},
{
"category": "external",
"summary": "1206729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206729"
},
{
"category": "external",
"summary": "1207018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207018"
},
{
"category": "external",
"summary": "1207112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207112"
},
{
"category": "external",
"summary": "1207209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207209"
},
{
"category": "external",
"summary": "1207259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207259"
},
{
"category": "external",
"summary": "1207298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207298"
},
{
"category": "external",
"summary": "1207313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207313"
},
{
"category": "external",
"summary": "1207631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207631"
},
{
"category": "external",
"summary": "1207641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207641"
},
{
"category": "external",
"summary": "1207788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207788"
},
{
"category": "external",
"summary": "1207842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207842"
},
{
"category": "external",
"summary": "1207859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207859"
},
{
"category": "external",
"summary": "1207865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207865"
},
{
"category": "external",
"summary": "1207895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207895"
},
{
"category": "external",
"summary": "1208129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208129"
},
{
"category": "external",
"summary": "1208152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208152"
},
{
"category": "external",
"summary": "1208258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208258"
},
{
"category": "external",
"summary": "1208642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208642"
},
{
"category": "external",
"summary": "1208698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208698"
},
{
"category": "external",
"summary": "1208852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208852"
},
{
"category": "external",
"summary": "1209015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209015"
},
{
"category": "external",
"summary": "1209262",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209262"
},
{
"category": "external",
"summary": "1209421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209421"
},
{
"category": "external",
"summary": "1209557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209557"
},
{
"category": "external",
"summary": "1209629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209629"
},
{
"category": "external",
"summary": "1209641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209641"
},
{
"category": "external",
"summary": "1209642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209642"
},
{
"category": "external",
"summary": "1209711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209711"
},
{
"category": "external",
"summary": "1209756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209756"
},
{
"category": "external",
"summary": "1209847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209847"
},
{
"category": "external",
"summary": "1209945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209945"
},
{
"category": "external",
"summary": "1210089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210089"
},
{
"category": "external",
"summary": "1210094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210094"
},
{
"category": "external",
"summary": "1210277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210277"
},
{
"category": "external",
"summary": "1210376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210376"
},
{
"category": "external",
"summary": "1210385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210385"
},
{
"category": "external",
"summary": "1210507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210507"
},
{
"category": "external",
"summary": "1210761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210761"
},
{
"category": "external",
"summary": "1211121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211121"
},
{
"category": "external",
"summary": "1211125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211125"
},
{
"category": "external",
"summary": "1211209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211209"
},
{
"category": "external",
"summary": "1211241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211241"
},
{
"category": "external",
"summary": "1211249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211249"
},
{
"category": "external",
"summary": "1211306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211306"
},
{
"category": "external",
"summary": "1211308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211308"
},
{
"category": "external",
"summary": "1211364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211364"
},
{
"category": "external",
"summary": "1211385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211385"
},
{
"category": "external",
"summary": "1211392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211392"
},
{
"category": "external",
"summary": "1212428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212428"
},
{
"category": "external",
"summary": "1211409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211409"
},
{
"category": "external",
"summary": "1211410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211410"
},
{
"category": "external",
"summary": "1211489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211489"
},
{
"category": "external",
"summary": "1211553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211553"
},
{
"category": "external",
"summary": "1211592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211592"
},
{
"category": "external",
"summary": "1211620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211620"
},
{
"category": "external",
"summary": "1211652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211652"
},
{
"category": "external",
"summary": "1211687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211687"
},
{
"category": "external",
"summary": "1211693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211693"
},
{
"category": "external",
"summary": "1212052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212052"
},
{
"category": "external",
"summary": "1212123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212123"
},
{
"category": "external",
"summary": "1212164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212164"
},
{
"category": "external",
"summary": "1212382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212382"
},
{
"category": "external",
"summary": "1212411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212411"
},
{
"category": "external",
"summary": "1212423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212423"
},
{
"category": "external",
"summary": "1212466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212466"
},
{
"category": "external",
"summary": "1212534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212534"
},
{
"category": "external",
"summary": "1212656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212656"
},
{
"category": "external",
"summary": "1212687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212687"
},
{
"category": "external",
"summary": "1212778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212778"
},
{
"category": "external",
"summary": "1213014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213014"
},
{
"category": "external",
"summary": "1213044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213044"
},
{
"category": "external",
"summary": "1213145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213145"
},
{
"category": "external",
"summary": "1213378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213378"
},
{
"category": "external",
"summary": "1213533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213533"
},
{
"category": "external",
"summary": "1213553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213553"
},
{
"category": "external",
"summary": "1213570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213570"
},
{
"category": "external",
"summary": "1213853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213853"
},
{
"category": "external",
"summary": "1213863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213863"
},
{
"category": "external",
"summary": "1213874",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213874"
},
{
"category": "external",
"summary": "1213939",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213939"
},
{
"category": "external",
"summary": "1214005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214005"
},
{
"category": "external",
"summary": "1214012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214012"
},
{
"category": "external",
"summary": "1214081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214081"
},
{
"category": "external",
"summary": "1214204",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214204"
},
{
"category": "external",
"summary": "1214543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214543"
},
{
"category": "external",
"summary": "1214680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214680"
},
{
"category": "external",
"summary": "1214690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214690"
},
{
"category": "external",
"summary": "1214725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214725"
},
{
"category": "external",
"summary": "1214776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214776"
},
{
"category": "external",
"summary": "1214833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214833"
},
{
"category": "external",
"summary": "1214925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214925"
},
{
"category": "external",
"summary": "1215216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215216"
},
{
"category": "external",
"summary": "1215272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215272"
},
{
"category": "external",
"summary": "1215285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215285"
},
{
"category": "external",
"summary": "1215566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215566"
},
{
"category": "external",
"summary": "1215615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215615"
},
{
"category": "external",
"summary": "1215812",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215812"
},
{
"category": "external",
"summary": "1216005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216005"
},
{
"category": "external",
"summary": "1216157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216157"
},
{
"category": "external",
"summary": "1216209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216209"
},
{
"category": "external",
"summary": "1216210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216210"
},
{
"category": "external",
"summary": "1216222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216222"
},
{
"category": "external",
"summary": "1216224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216224"
},
{
"category": "external",
"summary": "1216969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216969"
},
{
"category": "external",
"summary": "1216978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216978"
},
{
"category": "external",
"summary": "1217161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217161"
},
{
"category": "external",
"summary": "1217195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217195"
},
{
"category": "external",
"summary": "1217216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217216"
},
{
"category": "external",
"summary": "1217253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217253"
},
{
"category": "external",
"summary": "1217257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217257"
},
{
"category": "external",
"summary": "1217262",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217262"
},
{
"category": "external",
"summary": "1217324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217324"
},
{
"category": "external",
"summary": "1217336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217336"
},
{
"category": "external",
"summary": "1217348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217348"
},
{
"category": "external",
"summary": "1217391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217391"
},
{
"category": "external",
"summary": "1217394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217394"
},
{
"category": "external",
"summary": "1217532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217532"
},
{
"category": "external",
"summary": "1217597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217597"
},
{
"category": "external",
"summary": "1217601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217601"
},
{
"category": "external",
"summary": "1217637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217637"
},
{
"category": "external",
"summary": "1217812",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217812"
},
{
"category": "external",
"summary": "1217818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217818"
},
{
"category": "external",
"summary": "1218406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218406"
},
{
"category": "external",
"summary": "1218429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218429"
},
{
"category": "external",
"summary": "1218436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218436"
},
{
"category": "external",
"summary": "1218441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218441"
},
{
"category": "external",
"summary": "1218607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218607"
},
{
"category": "external",
"summary": "1218786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218786"
},
{
"category": "external",
"summary": "1218944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218944"
},
{
"category": "external",
"summary": "1219019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219019"
},
{
"category": "external",
"summary": "1219098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219098"
},
{
"category": "external",
"summary": "1219171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219171"
},
{
"category": "external",
"summary": "1219329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219329"
},
{
"category": "external",
"summary": "1219439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219439"
},
{
"category": "external",
"summary": "1219614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219614"
},
{
"category": "external",
"summary": "1219642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219642"
},
{
"category": "external",
"summary": "1220383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220383"
},
{
"category": "external",
"summary": "1220516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220516"
},
{
"category": "external",
"summary": "1220882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220882"
},
{
"category": "external",
"summary": "1220901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220901"
},
{
"category": "external",
"summary": "1221299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221299"
},
{
"category": "external",
"summary": "1221324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221324"
},
{
"category": "external",
"summary": "1221366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221366"
},
{
"category": "external",
"summary": "1221479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221479"
},
{
"category": "external",
"summary": "1221510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221510"
},
{
"category": "external",
"summary": "1221716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221716"
},
{
"category": "external",
"summary": "1222035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222035"
},
{
"category": "external",
"summary": "1222138",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222138"
},
{
"category": "external",
"summary": "1222615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222615"
},
{
"category": "external",
"summary": "1222616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222616"
},
{
"category": "external",
"summary": "1223042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223042"
},
{
"category": "external",
"summary": "1223835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223835"
},
{
"category": "external",
"summary": "1223934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223934"
},
{
"category": "external",
"summary": "1225173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225173"
},
{
"category": "external",
"summary": "1225178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225178"
},
{
"category": "external",
"summary": "1225205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225205"
},
{
"category": "external",
"summary": "1225377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225377"
},
{
"category": "external",
"summary": "1225662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225662"
},
{
"category": "external",
"summary": "1226428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226428"
},
{
"category": "external",
"summary": "1227441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227441"
},
{
"category": "external",
"summary": "1228407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228407"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhba-2015_1100.json"
}
],
"title": "Red Hat Bug Fix Advisory: CFME 5.4.0 bug fixes, and enhancement update",
"tracking": {
"current_release_date": "2025-07-29T18:34:34+00:00",
"generator": {
"date": "2025-07-29T18:34:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.5"
}
},
"id": "RHBA-2015:1100",
"initial_release_date": "2015-06-16T12:28:42+00:00",
"revision_history": [
{
"date": "2015-06-16T12:28:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-06-16T12:28:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-07-29T18:34:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CloudForms Management Engine 5.4",
"product": {
"name": "CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat CloudForms"
},
{
"branches": [
{
"category": "product_version",
"name": "open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"product": {
"name": "open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"product_id": "open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/open-vm-tools-desktop@9.2.3-5.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"product": {
"name": "open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"product_id": "open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/open-vm-tools@9.2.3-5.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"product": {
"name": "open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"product_id": "open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/open-vm-tools-debuginfo@9.2.3-5.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"product": {
"name": "open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"product_id": "open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/open-vm-tools-devel@9.2.3-5.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pyliblzma-0:0.5.3-7.el6cf.x86_64",
"product": {
"name": "pyliblzma-0:0.5.3-7.el6cf.x86_64",
"product_id": "pyliblzma-0:0.5.3-7.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyliblzma@0.5.3-7.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"product": {
"name": "pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"product_id": "pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyliblzma-debuginfo@0.5.3-7.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"product": {
"name": "libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"product_id": "libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libdnet-debuginfo@1.12-11.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libdnet-0:1.12-11.el6cf.x86_64",
"product": {
"name": "libdnet-0:1.12-11.el6cf.x86_64",
"product_id": "libdnet-0:1.12-11.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libdnet@1.12-11.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libdnet-progs-0:1.12-11.el6cf.x86_64",
"product": {
"name": "libdnet-progs-0:1.12-11.el6cf.x86_64",
"product_id": "libdnet-progs-0:1.12-11.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libdnet-progs@1.12-11.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libdnet-devel-0:1.12-11.el6cf.x86_64",
"product": {
"name": "libdnet-devel-0:1.12-11.el6cf.x86_64",
"product_id": "libdnet-devel-0:1.12-11.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libdnet-devel@1.12-11.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prince-0:9.0r2-4.el6cf.x86_64",
"product": {
"name": "prince-0:9.0r2-4.el6cf.x86_64",
"product_id": "prince-0:9.0r2-4.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prince@9.0r2-4.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"product": {
"name": "netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"product_id": "netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netapp-manageability-sdk@4.0P1-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"product": {
"name": "netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"product_id": "netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netapp-manageability-sdk-devel@4.0P1-3.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"product": {
"name": "cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"product_id": "cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-vnc-plugin-debuginfo@1.0.0-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"product": {
"name": "cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"product_id": "cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-vnc-plugin@1.0.0-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"product": {
"name": "lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"product_id": "lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/lshw-debuginfo@B.02.16-4.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "lshw-gui-0:B.02.16-4.el6cf.x86_64",
"product": {
"name": "lshw-gui-0:B.02.16-4.el6cf.x86_64",
"product_id": "lshw-gui-0:B.02.16-4.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/lshw-gui@B.02.16-4.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "lshw-0:B.02.16-4.el6cf.x86_64",
"product": {
"name": "lshw-0:B.02.16-4.el6cf.x86_64",
"product_id": "lshw-0:B.02.16-4.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/lshw@B.02.16-4.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"product_id": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-qpid_messaging@0.20.2-5.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"product_id": "ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-qpid_messaging-debuginfo@0.20.2-5.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "wmi-debuginfo-0:1.3.14-1.el6cf.x86_64",
"product": {
"name": "wmi-debuginfo-0:1.3.14-1.el6cf.x86_64",
"product_id": "wmi-debuginfo-0:1.3.14-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wmi-debuginfo@1.3.14-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "wmi-0:1.3.14-1.el6cf.x86_64",
"product": {
"name": "wmi-0:1.3.14-1.el6cf.x86_64",
"product_id": "wmi-0:1.3.14-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wmi@1.3.14-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"product_id": "ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-pg-debuginfo@0.12.2-9.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"product_id": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-pg@0.12.2-9.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"product_id": "ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-eventmachine-debuginfo@1.0.7-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"product_id": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-eventmachine@1.0.7-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"product_id": "ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-json-debuginfo@1.8.2-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"product_id": "ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-json@1.8.2-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"product_id": "ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-nokogiri-debuginfo@1.5.11-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"product_id": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-nokogiri@1.5.11-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"product_id": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-bcrypt-ruby@3.0.1-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"product_id": "ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-bcrypt-ruby-debuginfo@3.0.1-2.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"product_id": "ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-io-extra-debuginfo@1.2.8-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"product_id": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-io-extra@1.2.8-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"product_id": "ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-psych-debuginfo@2.0.13-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"product_id": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-psych@2.0.13-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"product_id": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-ffi@1.9.8-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"product_id": "ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-ffi-debuginfo@1.9.8-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"product_id": "ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-thin-debuginfo@1.3.1-9.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"product_id": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-thin@1.3.1-9.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"product_id": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-therubyracer@0.11.0-5.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"product": {
"name": "ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"product_id": "ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-therubyracer-debuginfo@0.11.0-5.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"product": {
"name": "cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"product_id": "cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-lib@5.4.0.5-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"product": {
"name": "cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"product_id": "cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-debuginfo@5.4.0.5-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"product": {
"name": "cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"product_id": "cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance@5.4.0.5-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.4.0.5-1.el6cf.x86_64",
"product": {
"name": "cfme-0:5.4.0.5-1.el6cf.x86_64",
"product_id": "cfme-0:5.4.0.5-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.4.0.5-1.el6cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"product": {
"name": "cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"product_id": "cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-gemset@5.4.0.5-1.el6cf?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "open-vm-tools-0:9.2.3-5.el6cf.src",
"product": {
"name": "open-vm-tools-0:9.2.3-5.el6cf.src",
"product_id": "open-vm-tools-0:9.2.3-5.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/open-vm-tools@9.2.3-5.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "sneakernet_ca-0:0.1-2.el6cf.src",
"product": {
"name": "sneakernet_ca-0:0.1-2.el6cf.src",
"product_id": "sneakernet_ca-0:0.1-2.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sneakernet_ca@0.1-2.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "pyliblzma-0:0.5.3-7.el6cf.src",
"product": {
"name": "pyliblzma-0:0.5.3-7.el6cf.src",
"product_id": "pyliblzma-0:0.5.3-7.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyliblzma@0.5.3-7.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "libdnet-0:1.12-11.el6cf.src",
"product": {
"name": "libdnet-0:1.12-11.el6cf.src",
"product_id": "libdnet-0:1.12-11.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libdnet@1.12-11.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "prince-0:9.0r2-4.el6cf.src",
"product": {
"name": "prince-0:9.0r2-4.el6cf.src",
"product_id": "prince-0:9.0r2-4.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prince@9.0r2-4.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"product": {
"name": "netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"product_id": "netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/netapp-manageability-sdk@4.0P1-3.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"product": {
"name": "cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"product_id": "cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-vnc-plugin@1.0.0-2.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "lshw-0:B.02.16-4.el6cf.src",
"product": {
"name": "lshw-0:B.02.16-4.el6cf.src",
"product_id": "lshw-0:B.02.16-4.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/lshw@B.02.16-4.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"product": {
"name": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"product_id": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-qpid_messaging@0.20.2-5.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "wmi-0:1.3.14-1.el6cf.src",
"product": {
"name": "wmi-0:1.3.14-1.el6cf.src",
"product_id": "wmi-0:1.3.14-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wmi@1.3.14-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"product": {
"name": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"product_id": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-pg@0.12.2-9.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"product": {
"name": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"product_id": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-eventmachine@1.0.7-2.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"product": {
"name": "ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"product_id": "ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-json@1.8.2-2.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"product": {
"name": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"product_id": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-nokogiri@1.5.11-2.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"product": {
"name": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"product_id": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-bcrypt-ruby@3.0.1-2.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"product": {
"name": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"product_id": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-io-extra@1.2.8-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"product": {
"name": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"product_id": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-psych@2.0.13-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"product": {
"name": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"product_id": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-ffi@1.9.8-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"product": {
"name": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"product_id": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-thin@1.3.1-9.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"product": {
"name": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"product_id": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby200-rubygem-therubyracer@0.11.0-5.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.4.0.5-1.el6cf.src",
"product": {
"name": "cfme-0:5.4.0.5-1.el6cf.src",
"product_id": "cfme-0:5.4.0.5-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.4.0.5-1.el6cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-gemset-0:5.4.0.5-1.el6cf.src",
"product": {
"name": "cfme-gemset-0:5.4.0.5-1.el6cf.src",
"product_id": "cfme-gemset-0:5.4.0.5-1.el6cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-gemset@5.4.0.5-1.el6cf?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "sneakernet_ca-0:0.1-2.el6cf.noarch",
"product": {
"name": "sneakernet_ca-0:0.1-2.el6cf.noarch",
"product_id": "sneakernet_ca-0:0.1-2.el6cf.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sneakernet_ca@0.1-2.el6cf?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.4.0.5-1.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src"
},
"product_reference": "cfme-0:5.4.0.5-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.4.0.5-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64"
},
"product_reference": "cfme-0:5.4.0.5-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-0:5.4.0.5-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64"
},
"product_reference": "cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64"
},
"product_reference": "cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-gemset-0:5.4.0.5-1.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src"
},
"product_reference": "cfme-gemset-0:5.4.0.5-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-gemset-0:5.4.0.5-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64"
},
"product_reference": "cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-lib-0:5.4.0.5-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64"
},
"product_reference": "cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-vnc-plugin-0:1.0.0-2.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src"
},
"product_reference": "cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64"
},
"product_reference": "cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64"
},
"product_reference": "cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdnet-0:1.12-11.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src"
},
"product_reference": "libdnet-0:1.12-11.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdnet-0:1.12-11.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64"
},
"product_reference": "libdnet-0:1.12-11.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdnet-debuginfo-0:1.12-11.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64"
},
"product_reference": "libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdnet-devel-0:1.12-11.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64"
},
"product_reference": "libdnet-devel-0:1.12-11.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdnet-progs-0:1.12-11.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64"
},
"product_reference": "libdnet-progs-0:1.12-11.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lshw-0:B.02.16-4.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src"
},
"product_reference": "lshw-0:B.02.16-4.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lshw-0:B.02.16-4.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64"
},
"product_reference": "lshw-0:B.02.16-4.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lshw-debuginfo-0:B.02.16-4.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64"
},
"product_reference": "lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lshw-gui-0:B.02.16-4.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64"
},
"product_reference": "lshw-gui-0:B.02.16-4.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netapp-manageability-sdk-0:4.0P1-3.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src"
},
"product_reference": "netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64"
},
"product_reference": "netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64"
},
"product_reference": "netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-vm-tools-0:9.2.3-5.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src"
},
"product_reference": "open-vm-tools-0:9.2.3-5.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-vm-tools-0:9.2.3-5.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64"
},
"product_reference": "open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64"
},
"product_reference": "open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64"
},
"product_reference": "open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64"
},
"product_reference": "open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prince-0:9.0r2-4.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src"
},
"product_reference": "prince-0:9.0r2-4.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prince-0:9.0r2-4.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64"
},
"product_reference": "prince-0:9.0r2-4.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyliblzma-0:0.5.3-7.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src"
},
"product_reference": "pyliblzma-0:0.5.3-7.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyliblzma-0:0.5.3-7.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64"
},
"product_reference": "pyliblzma-0:0.5.3-7.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64"
},
"product_reference": "pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src"
},
"product_reference": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src"
},
"product_reference": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src"
},
"product_reference": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src"
},
"product_reference": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-json-0:1.8.2-2.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src"
},
"product_reference": "ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src"
},
"product_reference": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src"
},
"product_reference": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src"
},
"product_reference": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src"
},
"product_reference": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src"
},
"product_reference": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src"
},
"product_reference": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64"
},
"product_reference": "ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sneakernet_ca-0:0.1-2.el6cf.noarch as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch"
},
"product_reference": "sneakernet_ca-0:0.1-2.el6cf.noarch",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sneakernet_ca-0:0.1-2.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src"
},
"product_reference": "sneakernet_ca-0:0.1-2.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wmi-0:1.3.14-1.el6cf.src as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src"
},
"product_reference": "wmi-0:1.3.14-1.el6cf.src",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wmi-0:1.3.14-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64"
},
"product_reference": "wmi-0:1.3.14-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wmi-debuginfo-0:1.3.14-1.el6cf.x86_64 as a component of CloudForms Management Engine 5.4",
"product_id": "6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
},
"product_reference": "wmi-debuginfo-0:1.3.14-1.el6cf.x86_64",
"relates_to_product_reference": "6Server-CFME-5.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ruby on Rails project"
]
},
{
"names": [
"Aaron Neyer"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2013-4389",
"cwe": {
"id": "CWE-134",
"name": "Use of Externally-Controlled Format String"
},
"discovery_date": "2013-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1013913"
}
],
"notes": [
{
"category": "description",
"text": "Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionmailer: email address processing DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nThis issue did not affect the versions of rubygem-actionmailer as shipped with Red Hat Subscription Asset Manager 1 as they do not include support for sending email using user supplied addresses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4389"
},
{
"category": "external",
"summary": "RHBZ#1013913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4389",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4389"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4389"
}
],
"release_date": "2013-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-06-16T12:28:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/",
"product_ids": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2015:1100"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygem-actionmailer: email address processing DoS"
},
{
"cve": "CVE-2013-4492",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1039435"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-i18n: cross-site scripting flaw in exception handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4492"
},
{
"category": "external",
"summary": "RHBZ#1039435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4492"
}
],
"release_date": "2013-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-06-16T12:28:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/",
"product_ids": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2015:1100"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-i18n: cross-site scripting flaw in exception handling"
},
{
"acknowledgments": [
{
"names": [
"Ruby on Rails project"
]
}
],
"cve": "CVE-2014-7819",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2014-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1161527"
}
],
"notes": [
{
"category": "description",
"text": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-sprockets: arbitrary file existence disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-7819"
},
{
"category": "external",
"summary": "RHBZ#1161527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-7819",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7819"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-7819",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7819"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY"
}
],
"release_date": "2014-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-06-16T12:28:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/",
"product_ids": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2015:1100"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygem-sprockets: arbitrary file existence disclosure"
},
{
"cve": "CVE-2015-1820",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2015-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205291"
}
],
"notes": [
{
"category": "description",
"text": "REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "With the release of Satellite 6.9 available, this bug is being closed as wontfix as all parts of our Ruby stack are running under the SCL now with rest-client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1820"
},
{
"category": "external",
"summary": "RHBZ#1205291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1820",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1820"
}
],
"release_date": "2015-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-06-16T12:28:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/",
"product_ids": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2015:1100"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses"
},
{
"cve": "CVE-2015-3448",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2015-04-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1240982"
}
],
"notes": [
{
"category": "description",
"text": "REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rest-client: unsanitized application logging",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3448"
},
{
"category": "external",
"summary": "RHBZ#1240982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1240982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3448",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3448"
}
],
"release_date": "2015-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-06-16T12:28:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/",
"product_ids": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2015:1100"
},
{
"category": "workaround",
"details": "The permissions on log files can be changed, e.g. using \"chmod o-rwx\" to prevent anyone but the user and group owner of the file from reading it. Additionally the group permissions can also be removed, e.g. \"chmod g-rwx\" if only the user owning the file should be able to see it.",
"product_ids": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-appliance-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-debuginfo-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.src",
"6Server-CFME-5.4:cfme-gemset-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-lib-0:5.4.0.5-1.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.src",
"6Server-CFME-5.4:cfme-vnc-plugin-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:cfme-vnc-plugin-debuginfo-0:1.0.0-2.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.src",
"6Server-CFME-5.4:libdnet-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-debuginfo-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-devel-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:libdnet-progs-0:1.12-11.el6cf.x86_64",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.src",
"6Server-CFME-5.4:lshw-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-debuginfo-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:lshw-gui-0:B.02.16-4.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.src",
"6Server-CFME-5.4:netapp-manageability-sdk-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:netapp-manageability-sdk-devel-0:4.0P1-3.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.src",
"6Server-CFME-5.4:open-vm-tools-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-debuginfo-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-desktop-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:open-vm-tools-devel-0:9.2.3-5.el6cf.x86_64",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.src",
"6Server-CFME-5.4:prince-0:9.0r2-4.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.src",
"6Server-CFME-5.4:pyliblzma-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:pyliblzma-debuginfo-0:0.5.3-7.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-bcrypt-ruby-debuginfo-0:3.0.1-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-eventmachine-debuginfo-0:1.0.7-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-ffi-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-ffi-debuginfo-0:1.9.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-io-extra-debuginfo-0:1.2.8-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-json-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-json-debuginfo-0:1.8.2-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-nokogiri-debuginfo-0:1.5.11-2.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-pg-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-pg-debuginfo-0:0.12.2-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-psych-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-psych-debuginfo-0:2.0.13-1.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-qpid_messaging-debuginfo-0:0.20.2-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-therubyracer-debuginfo-0:0.11.0-5.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.src",
"6Server-CFME-5.4:ruby200-rubygem-thin-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:ruby200-rubygem-thin-debuginfo-0:1.3.1-9.el6cf.x86_64",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.noarch",
"6Server-CFME-5.4:sneakernet_ca-0:0.1-2.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.src",
"6Server-CFME-5.4:wmi-0:1.3.14-1.el6cf.x86_64",
"6Server-CFME-5.4:wmi-debuginfo-0:1.3.14-1.el6cf.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygem-rest-client: unsanitized application logging"
}
]
}
fkie_cve-2014-7819
Vulnerability from fkie_nvd
Published
2014-11-08 11:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ | Third Party Advisory | |
| secalert@redhat.com | https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | * | |
| sprockets_project | sprockets | 2.6.0 | |
| sprockets_project | sprockets | 3.0.0 | |
| sprockets_project | sprockets | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36F5A38C-B51C-4455-80B2-3FA89022C72B",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8177C76-1C51-41E2-9647-107A76D9A9C0",
"versionEndExcluding": "2.1.4",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "328E446A-05ED-4B23-9027-BC43A529C1AA",
"versionEndExcluding": "2.2.3",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "659F0437-C16E-422C-89A8-448EDA78F48E",
"versionEndExcluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02AFF247-E71C-4C01-AB2A-EAF1CF171AC0",
"versionEndExcluding": "2.4.6",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50BAFDB7-A9B8-42E7-BC49-0D38DBC1E527",
"versionEndExcluding": "2.5.1",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDE474C-2C05-4D15-B24F-82635B7FD896",
"versionEndExcluding": "2.7.1",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4C63A3-F044-49CD-8D72-D8614C359250",
"versionEndExcluding": "2.8.3",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7774FEE9-5ED9-4976-B363-38D838B8BA57",
"versionEndExcluding": "2.9.4",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7660A259-00F1-4CB6-AAE6-85D769DB4A64",
"versionEndExcluding": "2.10.2",
"versionStartIncluding": "2.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70228E9F-071E-45B6-9FBA-FE85DB04806E",
"versionEndExcluding": "2.11.3",
"versionStartIncluding": "2.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA983B03-4446-4FE4-8EC7-DAFC9498CE6D",
"versionEndExcluding": "2.12.3",
"versionStartIncluding": "2.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8632528E-DF46-47BC-A229-E773D0CA4EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E99F6172-6BF6-4FD1-BA63-1A9A0244FBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "84D71F8E-38B6-4E96-B745-3D19DC64504D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en server.rb en Sprockets anterior a 2.0.5, 2.1.x anterior a 2.1.4, 2.2.x anterior a 2.2.3, 2.3.x anterior a 2.3.3, 2.4.x anterior a 2.4.6, 2.5.x anterior a 2.5.1, 2.6.x y 2.7.x anterior a 2.7.1, 2.8.x anterior a 2.8.3, 2.9.x anterior a 2.9.4, 2.10.x anterior a 2.10.2, 2.11.x anterior a 2.11.3, 2.12.x anterior a 2.12.3, y 3.x anterior a 3.0.0.beta.3, distribuido con Ruby on Rails 3.x y 4.x, permiten a atacantes remotos determinar la existencia de ficheros fuera del root de la aplicaci\u00f3n a trav\u00e9s de una secuencia ../ (punto punto barra) con (1) barras dobles o (2) codificaci\u00f3n de URL."
}
],
"id": "CVE-2014-7819",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-08T11:55:03.023",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2014-7819
Vulnerability from gsd
Modified
2014-10-30 00:00
Details
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-7819",
"description": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.",
"id": "GSD-2014-7819",
"references": [
"https://www.suse.com/security/cve/CVE-2014-7819.html",
"https://access.redhat.com/errata/RHBA-2015:1100",
"https://advisories.mageia.org/CVE-2014-7819.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets",
"purl": "pkg:gem/sprockets"
}
}
],
"aliases": [
"CVE-2014-7819",
"OSVDB-113965"
],
"details": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.",
"id": "GSD-2014-7819",
"modified": "2014-10-30T00:00:00.000Z",
"published": "2014-10-30T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 5.0,
"type": "CVSS_V2"
}
],
"summary": "CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"
},
{
"name": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ",
"refsource": "MISC",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"
},
{
"name": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ",
"refsource": "MISC",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-7819",
"cvss_v2": 5.0,
"date": "2014-10-30",
"description": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.",
"gem": "sprockets",
"osvdb": 113965,
"patched_versions": [
"~\u003e 2.0.5",
"~\u003e 2.1.4",
"~\u003e 2.2.3",
"~\u003e 2.3.3",
"~\u003e 2.4.6",
"~\u003e 2.5.1",
"~\u003e 2.7.1",
"~\u003e 2.8.3",
"~\u003e 2.9.4",
"~\u003e 2.10.2",
"~\u003e 2.11.3",
"~\u003e 2.12.3",
"\u003e= 3.0.0.beta.3"
],
"title": "CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=3.0.0a \u003c3.0.0.beta.3||\u003e=2.12.0a \u003c2.12.3||\u003e=2.11.0a \u003c2.11.3||\u003e=2.10.0a \u003c2.10.2||\u003e=2.9.0a \u003c2.9.4||\u003e=2.8.0a \u003c2.8.3||\u003e=2.7.0a \u003c2.7.1||\u003e=2.5.0a \u003c2.5.1||\u003e=2.4.0a \u003c2.4.6||\u003e=2.3.0a \u003c2.3.3||\u003e=2.2.0a \u003c2.2.3||\u003e=2.1.0a \u003c2.1.4||\u003e=2.0.0 \u003c2.0.5",
"affected_versions": "All versions starting from 3.0.0a before 3.0.0.beta.3, all versions starting from 2.12.0a before 2.12.3, all versions starting from 2.11.0a before 2.11.3, all versions starting from 2.10.0a before 2.10.2, all versions starting from 2.9.0a before 2.9.4, all versions starting from 2.8.0a before 2.8.3, all versions starting from 2.7.0a before 2.7.1, all versions starting from 2.5.0a before 2.5.1, all versions starting from 2.4.0a before 2.4.6, all versions starting from 2.3.0a before 2.3.3, all versions starting from 2.2.0a before 2.2.3, all versions starting from 2.1.0a before 2.1.4, all versions starting from 2.0.0 before 2.0.5",
"credit": "Eaden McKee, Dennis Hackethal \u0026 Christian Hansen of Crowdcurity, Juan C. M\u00fcller \u0026 Mike McClurg of Greenhouse.io and Alex Ianus of Coinbase",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2018-12-18",
"description": "Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application\u0027s root directory. The files will not be served, but attackers can determine whether the file exists.",
"fixed_versions": [
"2.0.5",
"2.1.4",
"2.10.2",
"2.11.3",
"2.12.3",
"2.2.3",
"2.3.3",
"2.4.6",
"2.5.1",
"2.7.1",
"2.8.3",
"2.9.4",
"3.0.0.beta.3"
],
"identifier": "CVE-2014-7819",
"identifiers": [
"CVE-2014-7819"
],
"package_slug": "gem/sprockets",
"pubdate": "2014-11-08",
"solution": "Upgrade to latest or use workaround.\r\n\r\nIn Rails applications, work around this issue, set config.serve_static_assets = false in an initializer. This work around will not be possible in all hosting environments and upgrading is advised.",
"title": "Arbitrary file existence disclosure",
"urls": [
"https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY"
],
"uuid": "e6fce8ce-942c-40c0-93ae-e570d32bbac7"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.4",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.6",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.1",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.1",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.3",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.4",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.10.2",
"versionStartIncluding": "2.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.11.3",
"versionStartIncluding": "2.11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.12.3",
"versionStartIncluding": "2.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7819"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[rubyonrails-security] 20141030 Arbitrary file existence disclosure in Sprockets (CVE-2014-7819)",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"
},
{
"name": "[rubyonrails-security] 20141030 [AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"
},
{
"name": "openSUSE-SU-2014:1513",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"
},
{
"name": "openSUSE-SU-2014:1514",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"
},
{
"name": "openSUSE-SU-2014:1504",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"
},
{
"name": "openSUSE-SU-2014:1502",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T00:42Z",
"publishedDate": "2014-11-08T11:55Z"
}
}
}
ghsa-33pp-3763-mrfp
Vulnerability from github
Published
2017-10-24 18:33
Modified
2023-03-01 18:54
VLAI Severity ?
Summary
sprockets vulnerable to Path Traversal
Details
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.11.0"
},
{
"fixed": "2.11.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "sprockets"
},
"ranges": [
{
"events": [
{
"introduced": "2.12.0"
},
{
"fixed": "2.12.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-7819"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:53:55Z",
"nvd_published_at": "2014-11-08T11:55:00Z",
"severity": "MODERATE"
},
"details": "Multiple directory traversal vulnerabilities in `server.rb` in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.",
"id": "GHSA-33pp-3763-mrfp",
"modified": "2023-03-01T18:54:54Z",
"published": "2017-10-24T18:33:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7819"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2015:1100"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2014-7819"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161527"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "sprockets vulnerable to Path Traversal"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…