Vulnerability-Lookup

RHSA-2016:0454

Vulnerability from csaf_redhat - Published: 2016-03-15 20:56 - Updated: 2026-03-02 16:08

Summary

Red Hat Security Advisory: ror40 security update

Severity

Important

Notes

Topic: Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details: The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is a model-view-controller (MVC) framework for web application development. The following issues were corrected in rubygem-actionpack: Multiple directory traversal flaws were found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use these flaws to render unexpected files and, possibly, execute arbitrary code. (CVE-2016-0752, CVE-2016-2097) A code injection flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code. (CVE-2016-2098) A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service. (CVE-2016-0751) A flaw was found in the Action Pack component's caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service. (CVE-2015-7581) A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack. (CVE-2015-7576) The following issue was corrected in rubygem-activerecord: A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes. (CVE-2015-7577) Red Hat would like to thank the Ruby on Rails project for reporting these issues. Upstream acknowledges John Poulin as the original reporter of CVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original reporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen (Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red Hat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the original reporter of CVE-2015-7576, and Justin Coyne as the original reporter of CVE-2015-7577. All ror40 collection rubygem-actionpack and rubygem-activerecord packages users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using the ror40 collection must be restarted for this update to take effect.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2015-7576

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-385 - Covert Timing Channel

Vendor Fix Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2016:0454

Workaround Use following code to monkey-patch http_basic_authenticate_with method in ActionController: ~~~ module ActiveSupport module SecurityUtils def secure_compare(a, b) return false unless a.bytesize == b.bytesize l = a.unpack "C#{a.bytesize}" res = 0 b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end module_function :secure_compare def variable_size_secure_compare(a, b) secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b)) end module_function :variable_size_secure_compare end end module ActionController class Base def self.http_basic_authenticate_with(options = {}) before_action(options.except(:name, :password, :realm)) do authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password| # This comparison uses & so that it doesn't short circuit and # uses `variable_size_secure_compare` so that length information # isn't leaked. ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) & ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password]) end end end end end ~~~

CVE-2015-7577

A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE-2015-7581

A flaw was found in the Action Pack component's caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-770 - Allocation of Resources Without Limits or Throttling

CVE-2016-0751

A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-770 - Allocation of Resources Without Limits or Throttling

Workaround Use following code to monkey-patch mime types cache and disable caching. ``` require 'action_dispatch/http/mime_type' Mime.const_set :LOOKUP, Hash.new { |h,k| Mime::Type.new(k) unless k.blank? } ``` Alternatively perform filtering of mime types in the Accept header to allow only known types.

CVE-2016-0752

A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Workaround Avoid passing untrusted input to render method, or verify the input using whitelist before passing it to the render method: ``` def index render verify_template(params[:id]) end private def verify_template(name) # add verification logic particular to your application here end ```

CVE-2016-2097

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2016-2098

A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-94 - Improper Control of Generation of Code ('Code Injection')

References

URL

Category

	https://access.redhat.com/errata/RHSA-2016:0454	self
	https://access.redhat.com/security/updates/classi…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1301933	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1301946	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1301957	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1301963	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1301981	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1310043	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1310054	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2015-7576	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1301933	external
	https://www.cve.org/CVERecord?id=CVE-2015-7576	external
	https://nvd.nist.gov/vuln/detail/CVE-2015-7576	external
	http://weblog.rubyonrails.org/2016/1/25/Rails-5-0…	external
	https://groups.google.com/forum/#!msg/rubyonrails…	external
	https://access.redhat.com/security/cve/CVE-2015-7577	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1301957	external
	https://www.cve.org/CVERecord?id=CVE-2015-7577	external
	https://nvd.nist.gov/vuln/detail/CVE-2015-7577	external
	https://groups.google.com/forum/#!msg/rubyonrails…	external
	https://access.redhat.com/security/cve/CVE-2015-7581	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1301981	external
	https://www.cve.org/CVERecord?id=CVE-2015-7581	external
	https://nvd.nist.gov/vuln/detail/CVE-2015-7581	external
	https://groups.google.com/forum/#!msg/rubyonrails…	external
	https://access.redhat.com/security/cve/CVE-2016-0751	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1301946	external
	https://www.cve.org/CVERecord?id=CVE-2016-0751	external
	https://nvd.nist.gov/vuln/detail/CVE-2016-0751	external
	https://groups.google.com/forum/#!msg/rubyonrails…	external
	https://access.redhat.com/security/cve/CVE-2016-0752	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1301963	external
	https://www.cve.org/CVERecord?id=CVE-2016-0752	external
	https://nvd.nist.gov/vuln/detail/CVE-2016-0752	external
	https://groups.google.com/forum/#!msg/rubyonrails…	external
	https://nvisium.com/blog/2016/01/26/rails-dynamic…	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2016-2097	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1310043	external
	https://www.cve.org/CVERecord?id=CVE-2016-2097	external
	https://nvd.nist.gov/vuln/detail/CVE-2016-2097	external
	https://groups.google.com/forum/#!msg/rubyonrails…	external
	https://access.redhat.com/security/cve/CVE-2016-2098	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1310054	external
	https://www.cve.org/CVERecord?id=CVE-2016-2098	external
	https://nvd.nist.gov/vuln/detail/CVE-2016-2098	external
	https://groups.google.com/forum/#!msg/rubyonrails…	external

Acknowledgments

the Ruby on Rails project

Daniel Waterworth

Justin Coyne

Red Hat Aaron Patterson

John Poulin

Jyoti Singh

makandra Tobias Kraze

Phenoelit joernchen

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages\nthat fix multiple security issues are now available for Red Hat Software\nCollections.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is\na model-view-controller (MVC) framework for web application development.\n\nThe following issues were corrected in rubygem-actionpack:\n\nMultiple directory traversal flaws were found in the way the Action View\ncomponent searched for templates for rendering. If an application passed\nuntrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker\ncould use these flaws to render unexpected files and, possibly, execute\narbitrary code. (CVE-2016-0752, CVE-2016-2097)\n\nA code injection flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the \u0027render\u0027 method, a remote, unauthenticated attacker could use\nthis flaw to execute arbitrary code. (CVE-2016-2098)\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the Action Pack component\u0027s caching of controller\nreferences. An attacker could use this flaw to cause unbounded memory\ngrowth, potentially resulting in a denial of service. (CVE-2015-7581)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component\u0027s handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original\nreporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen\n(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red\nHat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the\noriginal reporter of CVE-2015-7576, and Justin Coyne as the original\nreporter of CVE-2015-7577.\n\nAll ror40 collection rubygem-actionpack and rubygem-activerecord packages\nusers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe ror40 collection must be restarted for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:0454",
        "url": "https://access.redhat.com/errata/RHSA-2016:0454"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1301933",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
      },
      {
        "category": "external",
        "summary": "1301946",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
      },
      {
        "category": "external",
        "summary": "1301957",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
      },
      {
        "category": "external",
        "summary": "1301963",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
      },
      {
        "category": "external",
        "summary": "1301981",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
      },
      {
        "category": "external",
        "summary": "1310043",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
      },
      {
        "category": "external",
        "summary": "1310054",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0454.json"
      }
    ],
    "title": "Red Hat Security Advisory: ror40 security update",
    "tracking": {
      "current_release_date": "2026-03-02T16:08:47+00:00",
      "generator": {
        "date": "2026-03-02T16:08:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.2"
        }
      },
      "id": "RHSA-2016:0454",
      "initial_release_date": "2016-03-15T20:56:17+00:00",
      "revision_history": [
        {
          "date": "2016-03-15T20:56:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-03-15T20:56:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-02T16:08:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
                  "product_id": "7Server-RHSCL-2.1-7.2.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-RHSCL-2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-RHSCL-2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
                  "product_id": "7Server-RHSCL-2.1-7.1.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "6Server-RHSCL-2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation-RHSCL-2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
                  "product_id": "6Server-RHSCL-2.1-6.7.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
                  "product_id": "6Server-RHSCL-2.1-6.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Software Collections"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
                "product": {
                  "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
                  "product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el7?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
                "product": {
                  "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
                  "product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el7?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
                "product": {
                  "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
                  "product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el7?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
                "product": {
                  "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
                  "product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el6?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
                "product": {
                  "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
                  "product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el6?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
                "product": {
                  "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
                  "product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el6?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
                "product": {
                  "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
                  "product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el7?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
                "product": {
                  "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
                  "product_id": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activerecord-doc@4.0.2-6.el7?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
                "product": {
                  "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
                  "product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el7?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
                "product": {
                  "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
                  "product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el7?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
                "product": {
                  "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
                  "product_id": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-actionpack-doc@4.0.2-7.el7?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
                "product": {
                  "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
                  "product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el6?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
                "product": {
                  "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
                  "product_id": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activerecord-doc@4.0.2-6.el6?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
                "product": {
                  "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
                  "product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el6?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
                "product": {
                  "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
                  "product_id": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-actionpack-doc@4.0.2-7.el6?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
                "product": {
                  "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
                  "product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el6?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
          "product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
          "product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
          "product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
          "product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
          "product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
          "product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
          "product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
          "product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
        "relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
        "relates_to_product_reference": "6Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
        "relates_to_product_reference": "6Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
        "relates_to_product_reference": "6Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
        "relates_to_product_reference": "6Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
        "relates_to_product_reference": "6Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
        "relates_to_product_reference": "6Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
        "relates_to_product_reference": "6Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
        "relates_to_product_reference": "6Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
        "relates_to_product_reference": "6Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
        "relates_to_product_reference": "6Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
        "relates_to_product_reference": "6Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
          "product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
          "product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
          "product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
          "product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
          "product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
          "product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
          "product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
          "product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
        "relates_to_product_reference": "7Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
        },
        "product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
        "relates_to_product_reference": "7Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
        },
        "product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
        "relates_to_product_reference": "7Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
        "relates_to_product_reference": "7Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
        },
        "product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
        "relates_to_product_reference": "7Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
        "relates_to_product_reference": "7Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
        "relates_to_product_reference": "7Workstation-RHSCL-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        },
        "product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
        "relates_to_product_reference": "7Workstation-RHSCL-2.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Ruby on Rails project"
          ]
        },
        {
          "names": [
            "Daniel Waterworth"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2015-7576",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2016-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1301933"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-7576"
        },
        {
          "category": "external",
          "summary": "RHBZ#1301933",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-7576",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-7576"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576"
        },
        {
          "category": "external",
          "summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
          "url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
          "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
        }
      ],
      "release_date": "2016-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-03-15T20:56:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:0454"
        },
        {
          "category": "workaround",
          "details": "Use following code to monkey-patch http_basic_authenticate_with method in ActionController:\n\n~~~\nmodule ActiveSupport\n  module SecurityUtils\n    def secure_compare(a, b)\n      return false unless a.bytesize == b.bytesize\n\n      l = a.unpack \"C#{a.bytesize}\"\n\n      res = 0\n      b.each_byte { |byte| res |= byte ^ l.shift }\n      res == 0\n    end\n    module_function :secure_compare\n\n    def variable_size_secure_compare(a, b)\n      secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))\n    end\n    module_function :variable_size_secure_compare\n  end\nend\n\nmodule ActionController\n  class Base\n    def self.http_basic_authenticate_with(options = {})\n      before_action(options.except(:name, :password, :realm)) do\n        authenticate_or_request_with_http_basic(options[:realm] || \"Application\") do |name, password|\n          # This comparison uses \u0026 so that it doesn\u0027t short circuit and\n          # uses `variable_size_secure_compare` so that length information\n          # isn\u0027t leaked.\n          ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) \u0026\n            ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])\n        end\n      end\n    end\n  end\nend\n~~~",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Ruby on Rails project"
          ]
        },
        {
          "names": [
            "Justin Coyne"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2015-7577",
      "discovery_date": "2016-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1301957"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Active Record component\u0027s handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-7577"
        },
        {
          "category": "external",
          "summary": "RHBZ#1301957",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-7577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-7577"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577"
        },
        {
          "category": "external",
          "summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
          "url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
          "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
        }
      ],
      "release_date": "2016-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-03-15T20:56:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:0454"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Ruby on Rails project"
          ]
        }
      ],
      "cve": "CVE-2015-7581",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2016-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1301981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Action Pack component\u0027s caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-7581"
        },
        {
          "category": "external",
          "summary": "RHBZ#1301981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-7581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-7581"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581"
        },
        {
          "category": "external",
          "summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
          "url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
          "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
        }
      ],
      "release_date": "2016-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-03-15T20:56:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:0454"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Ruby on Rails project"
          ]
        },
        {
          "names": [
            "Aaron Patterson"
          ],
          "organization": "Red Hat",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2016-0751",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2016-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1301946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-0751"
        },
        {
          "category": "external",
          "summary": "RHBZ#1301946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751"
        },
        {
          "category": "external",
          "summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
          "url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
          "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
        }
      ],
      "release_date": "2016-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-03-15T20:56:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:0454"
        },
        {
          "category": "workaround",
          "details": "Use following code to monkey-patch mime types cache and disable caching.\n\n```\nrequire \u0027action_dispatch/http/mime_type\u0027\n\nMime.const_set :LOOKUP, Hash.new { |h,k|\n  Mime::Type.new(k) unless k.blank?\n} \n```\n\nAlternatively perform filtering of mime types in the Accept header to allow only known types.",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Ruby on Rails project"
          ]
        },
        {
          "names": [
            "John Poulin"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2016-0752",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2016-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1301963"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: directory traversal flaw in Action View",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-0752"
        },
        {
          "category": "external",
          "summary": "RHBZ#1301963",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0752"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ",
          "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ"
        },
        {
          "category": "external",
          "summary": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/",
          "url": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2016-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-03-15T20:56:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:0454"
        },
        {
          "category": "workaround",
          "details": "Avoid passing untrusted input to render method, or verify the input using whitelist before passing it to the render method:\n\n```\n\ndef index\n  render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n  # add verification logic particular to your application here\nend\n\n```",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-25T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rubygem-actionpack: directory traversal flaw in Action View"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Ruby on Rails project"
          ]
        },
        {
          "names": [
            "Jyoti Singh"
          ],
          "summary": "Acknowledged by upstream."
        },
        {
          "names": [
            "Tobias Kraze"
          ],
          "organization": "makandra",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2016-2097",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2016-02-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1310043"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-2097"
        },
        {
          "category": "external",
          "summary": "RHBZ#1310043",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2097",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-2097"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ",
          "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"
        }
      ],
      "release_date": "2016-02-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-03-15T20:56:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:0454"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Ruby on Rails project"
          ]
        },
        {
          "names": [
            "Tobias Kraze"
          ],
          "organization": "makandra",
          "summary": "Acknowledged by upstream."
        },
        {
          "names": [
            "joernchen"
          ],
          "organization": "Phenoelit",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2016-2098",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2016-02-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1310054"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-actionpack: code injection vulnerability in Action View",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
          "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
          "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-2098"
        },
        {
          "category": "external",
          "summary": "RHBZ#1310054",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2098",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-2098"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ",
          "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
        }
      ],
      "release_date": "2016-02-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-03-15T20:56:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:0454"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
            "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
            "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rubygem-actionpack: code injection vulnerability in Action View"
    }
  ]
}

CVE-2016-2098 (GCVE-0-2016-2098)

Vulnerability from cvelistv5 – Published: 2016-04-07 23:00 – Updated: 2024-08-05 23:17

Summary

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3509	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/83725	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1035122	vdb-entryx_refsource_SECTRACK
	https://www.exploit-db.com/exploits/40086/	exploitx_refsource_EXPLOIT-DB
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://groups.google.com/forum/message/raw?msg=r…	mailing-listx_refsource_MLIST
	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2…	x_refsource_CONFIRM

Date Public ?

2016-02-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:0867",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
          },
          {
            "name": "SUSE-SU-2016:0967",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
          },
          {
            "name": "DSA-3509",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3509"
          },
          {
            "name": "83725",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83725"
          },
          {
            "name": "1035122",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035122"
          },
          {
            "name": "40086",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40086/"
          },
          {
            "name": "SUSE-SU-2016:0854",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
          },
          {
            "name": "openSUSE-SU-2016:0790",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
          },
          {
            "name": "SUSE-SU-2016:1146",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
          },
          {
            "name": "openSUSE-SU-2016:0835",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
          },
          {
            "name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:0867",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
        },
        {
          "name": "SUSE-SU-2016:0967",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
        },
        {
          "name": "DSA-3509",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3509"
        },
        {
          "name": "83725",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/83725"
        },
        {
          "name": "1035122",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035122"
        },
        {
          "name": "40086",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40086/"
        },
        {
          "name": "SUSE-SU-2016:0854",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
        },
        {
          "name": "openSUSE-SU-2016:0790",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
        },
        {
          "name": "SUSE-SU-2016:1146",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
        },
        {
          "name": "openSUSE-SU-2016:0835",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
        },
        {
          "name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-2098",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:0867",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
            },
            {
              "name": "SUSE-SU-2016:0967",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
            },
            {
              "name": "DSA-3509",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3509"
            },
            {
              "name": "83725",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/83725"
            },
            {
              "name": "1035122",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035122"
            },
            {
              "name": "40086",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40086/"
            },
            {
              "name": "SUSE-SU-2016:0854",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
            },
            {
              "name": "openSUSE-SU-2016:0790",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
            },
            {
              "name": "SUSE-SU-2016:1146",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
            },
            {
              "name": "openSUSE-SU-2016:0835",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
            },
            {
              "name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
              "refsource": "MLIST",
              "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
            },
            {
              "name": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",
              "refsource": "CONFIRM",
              "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2098",
    "datePublished": "2016-04-07T23:00:00.000Z",
    "dateReserved": "2016-01-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:17:50.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0752 (GCVE-0-2016-0752)

Vulnerability from cvelistv5 – Published: 2016-02-16 02:00 – Updated: 2025-10-21 23:55

Summary

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Assigner

redhat

References

URL

Tags

	https://www.exploit-db.com/exploits/40561/	exploitx_refsource_EXPLOIT-DB
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/0…	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/81801	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1034816	vdb-entryx_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://groups.google.com/forum/message/raw?msg=r…	mailing-listx_refsource_MLIST
	http://www.debian.org/security/2016/dsa-3464	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-0296.html	vendor-advisoryx_refsource_REDHAT

Date Public ?

2016-01-25 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40561",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40561/"
          },
          {
            "name": "openSUSE-SU-2016:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
          },
          {
            "name": "openSUSE-SU-2016:0363",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
          },
          {
            "name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
          },
          {
            "name": "FEDORA-2016-97002ad37b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
          },
          {
            "name": "SUSE-SU-2016:1146",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
          },
          {
            "name": "81801",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81801"
          },
          {
            "name": "1034816",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034816"
          },
          {
            "name": "FEDORA-2016-fa0dec2360",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
          },
          {
            "name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
          },
          {
            "name": "DSA-3464",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3464"
          },
          {
            "name": "RHSA-2016:0296",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2016-0752",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T13:26:36.145115Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:55.440Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-25T00:00:00.000Z",
            "value": "CVE-2016-0752 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-09T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "40561",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40561/"
        },
        {
          "name": "openSUSE-SU-2016:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
        },
        {
          "name": "openSUSE-SU-2016:0363",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
        },
        {
          "name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
        },
        {
          "name": "FEDORA-2016-97002ad37b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
        },
        {
          "name": "SUSE-SU-2016:1146",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
        },
        {
          "name": "81801",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81801"
        },
        {
          "name": "1034816",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034816"
        },
        {
          "name": "FEDORA-2016-fa0dec2360",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
        },
        {
          "name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
        },
        {
          "name": "DSA-3464",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3464"
        },
        {
          "name": "RHSA-2016:0296",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-0752",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40561",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40561/"
            },
            {
              "name": "openSUSE-SU-2016:0372",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2016:0363",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
            },
            {
              "name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
            },
            {
              "name": "FEDORA-2016-97002ad37b",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
            },
            {
              "name": "SUSE-SU-2016:1146",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
            },
            {
              "name": "81801",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81801"
            },
            {
              "name": "1034816",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034816"
            },
            {
              "name": "FEDORA-2016-fa0dec2360",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
            },
            {
              "name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
              "refsource": "MLIST",
              "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
            },
            {
              "name": "DSA-3464",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3464"
            },
            {
              "name": "RHSA-2016:0296",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0752",
    "datePublished": "2016-02-16T02:00:00.000Z",
    "dateReserved": "2015-12-16T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:55:55.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7577 (GCVE-0-2015-7577)

Vulnerability from cvelistv5 – Published: 2016-02-16 02:00 – Updated: 2024-08-06 07:51

Summary

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://groups.google.com/forum/message/raw?msg=r…	mailing-listx_refsource_MLIST
	http://www.securitytracker.com/id/1034816	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/81806	vdb-entryx_refsource_BID
	http://www.debian.org/security/2016/dsa-3464	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-0296.html	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2016/0…	mailing-listx_refsource_MLIST

Date Public ?

2016-01-25 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
          },
          {
            "name": "openSUSE-SU-2016:0363",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
          },
          {
            "name": "FEDORA-2016-73fe05d878",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"
          },
          {
            "name": "FEDORA-2016-cc465a34df",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"
          },
          {
            "name": "SUSE-SU-2016:1146",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
          },
          {
            "name": "[ruby-security-ann] 20160125 [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ"
          },
          {
            "name": "1034816",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034816"
          },
          {
            "name": "81806",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81806"
          },
          {
            "name": "DSA-3464",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3464"
          },
          {
            "name": "RHSA-2016:0296",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
          },
          {
            "name": "[oss-security] 20160125 [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/25/10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-09T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
        },
        {
          "name": "openSUSE-SU-2016:0363",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
        },
        {
          "name": "FEDORA-2016-73fe05d878",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"
        },
        {
          "name": "FEDORA-2016-cc465a34df",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"
        },
        {
          "name": "SUSE-SU-2016:1146",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
        },
        {
          "name": "[ruby-security-ann] 20160125 [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ"
        },
        {
          "name": "1034816",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034816"
        },
        {
          "name": "81806",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81806"
        },
        {
          "name": "DSA-3464",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3464"
        },
        {
          "name": "RHSA-2016:0296",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
        },
        {
          "name": "[oss-security] 20160125 [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/25/10"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-7577",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:0372",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2016:0363",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
            },
            {
              "name": "FEDORA-2016-73fe05d878",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"
            },
            {
              "name": "FEDORA-2016-cc465a34df",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"
            },
            {
              "name": "SUSE-SU-2016:1146",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
            },
            {
              "name": "[ruby-security-ann] 20160125 [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record.",
              "refsource": "MLIST",
              "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ"
            },
            {
              "name": "1034816",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034816"
            },
            {
              "name": "81806",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81806"
            },
            {
              "name": "DSA-3464",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3464"
            },
            {
              "name": "RHSA-2016:0296",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
            },
            {
              "name": "[oss-security] 20160125 [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/25/10"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-7577",
    "datePublished": "2016-02-16T02:00:00.000Z",
    "dateReserved": "2015-09-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T07:51:28.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7576 (GCVE-0-2015-7576)

Vulnerability from cvelistv5 – Published: 2016-02-16 02:00 – Updated: 2024-08-06 07:51

Summary

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2016/01/25/8	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/bid/81803	vdb-entryx_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securitytracker.com/id/1034816	vdb-entryx_refsource_SECTRACK
	http://www.debian.org/security/2016/dsa-3464	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-0296.html	vendor-advisoryx_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://groups.google.com/forum/message/raw?msg=r…	mailing-listx_refsource_MLIST

Date Public ?

2016-01-25 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160125 [CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/25/8"
          },
          {
            "name": "FEDORA-2016-3ede04cd79",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html"
          },
          {
            "name": "openSUSE-SU-2016:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
          },
          {
            "name": "openSUSE-SU-2016:0363",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
          },
          {
            "name": "FEDORA-2016-94e71ee673",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
          },
          {
            "name": "81803",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81803"
          },
          {
            "name": "FEDORA-2016-f486068393",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
          },
          {
            "name": "SUSE-SU-2016:1146",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
          },
          {
            "name": "1034816",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034816"
          },
          {
            "name": "DSA-3464",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3464"
          },
          {
            "name": "RHSA-2016:0296",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
          },
          {
            "name": "FEDORA-2016-cb30088b06",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"
          },
          {
            "name": "[ruby-security-ann] 20160125 [CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-09T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20160125 [CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/25/8"
        },
        {
          "name": "FEDORA-2016-3ede04cd79",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html"
        },
        {
          "name": "openSUSE-SU-2016:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
        },
        {
          "name": "openSUSE-SU-2016:0363",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
        },
        {
          "name": "FEDORA-2016-94e71ee673",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
        },
        {
          "name": "81803",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81803"
        },
        {
          "name": "FEDORA-2016-f486068393",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
        },
        {
          "name": "SUSE-SU-2016:1146",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
        },
        {
          "name": "1034816",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034816"
        },
        {
          "name": "DSA-3464",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3464"
        },
        {
          "name": "RHSA-2016:0296",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
        },
        {
          "name": "FEDORA-2016-cb30088b06",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"
        },
        {
          "name": "[ruby-security-ann] 20160125 [CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-7576",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160125 [CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/25/8"
            },
            {
              "name": "FEDORA-2016-3ede04cd79",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html"
            },
            {
              "name": "openSUSE-SU-2016:0372",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2016:0363",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
            },
            {
              "name": "FEDORA-2016-94e71ee673",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
            },
            {
              "name": "81803",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81803"
            },
            {
              "name": "FEDORA-2016-f486068393",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
            },
            {
              "name": "SUSE-SU-2016:1146",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
            },
            {
              "name": "1034816",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034816"
            },
            {
              "name": "DSA-3464",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3464"
            },
            {
              "name": "RHSA-2016:0296",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
            },
            {
              "name": "FEDORA-2016-cb30088b06",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"
            },
            {
              "name": "[ruby-security-ann] 20160125 [CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller.",
              "refsource": "MLIST",
              "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-7576",
    "datePublished": "2016-02-16T02:00:00.000Z",
    "dateReserved": "2015-09-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T07:51:28.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0751 (GCVE-0-2016-0751)

Vulnerability from cvelistv5 – Published: 2016-02-16 02:00 – Updated: 2024-08-05 22:30

Summary

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://groups.google.com/forum/message/raw?msg=r…	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/81800	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1034816	vdb-entryx_refsource_SECTRACK
	http://www.openwall.com/lists/oss-security/2016/01/25/9	mailing-listx_refsource_MLIST
	http://www.debian.org/security/2016/dsa-3464	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-0296.html	vendor-advisoryx_refsource_REDHAT

Date Public ?

2016-01-25 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
          },
          {
            "name": "openSUSE-SU-2016:0363",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
          },
          {
            "name": "FEDORA-2016-94e71ee673",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
          },
          {
            "name": "[ruby-security-ann] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ"
          },
          {
            "name": "FEDORA-2016-f486068393",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
          },
          {
            "name": "SUSE-SU-2016:1146",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
          },
          {
            "name": "81800",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81800"
          },
          {
            "name": "1034816",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034816"
          },
          {
            "name": "[oss-security] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/25/9"
          },
          {
            "name": "DSA-3464",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3464"
          },
          {
            "name": "RHSA-2016:0296",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-09T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
        },
        {
          "name": "openSUSE-SU-2016:0363",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
        },
        {
          "name": "FEDORA-2016-94e71ee673",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
        },
        {
          "name": "[ruby-security-ann] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ"
        },
        {
          "name": "FEDORA-2016-f486068393",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
        },
        {
          "name": "SUSE-SU-2016:1146",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
        },
        {
          "name": "81800",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81800"
        },
        {
          "name": "1034816",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034816"
        },
        {
          "name": "[oss-security] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/25/9"
        },
        {
          "name": "DSA-3464",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3464"
        },
        {
          "name": "RHSA-2016:0296",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-0751",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:0372",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2016:0363",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
            },
            {
              "name": "FEDORA-2016-94e71ee673",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
            },
            {
              "name": "[ruby-security-ann] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack",
              "refsource": "MLIST",
              "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ"
            },
            {
              "name": "FEDORA-2016-f486068393",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
            },
            {
              "name": "SUSE-SU-2016:1146",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
            },
            {
              "name": "81800",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81800"
            },
            {
              "name": "1034816",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034816"
            },
            {
              "name": "[oss-security] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/25/9"
            },
            {
              "name": "DSA-3464",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3464"
            },
            {
              "name": "RHSA-2016:0296",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0751",
    "datePublished": "2016-02-16T02:00:00.000Z",
    "dateReserved": "2015-12-16T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:30:03.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2097 (GCVE-0-2016-2097)

Vulnerability from cvelistv5 – Published: 2016-04-07 23:00 – Updated: 2024-08-05 23:17

Summary

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3509	vendor-advisoryx_refsource_DEBIAN
	https://groups.google.com/forum/message/raw?msg=r…	mailing-listx_refsource_MLIST
	http://www.securitytracker.com/id/1035122	vdb-entryx_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/83726	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2…	x_refsource_CONFIRM

Date Public ?

2016-02-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:0967",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
          },
          {
            "name": "DSA-3509",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3509"
          },
          {
            "name": "[ruby-security-ann] 20160229 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"
          },
          {
            "name": "1035122",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035122"
          },
          {
            "name": "SUSE-SU-2016:0854",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
          },
          {
            "name": "83726",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83726"
          },
          {
            "name": "openSUSE-SU-2016:0835",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:0967",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
        },
        {
          "name": "DSA-3509",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3509"
        },
        {
          "name": "[ruby-security-ann] 20160229 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"
        },
        {
          "name": "1035122",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035122"
        },
        {
          "name": "SUSE-SU-2016:0854",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
        },
        {
          "name": "83726",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/83726"
        },
        {
          "name": "openSUSE-SU-2016:0835",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-2097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:0967",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
            },
            {
              "name": "DSA-3509",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3509"
            },
            {
              "name": "[ruby-security-ann] 20160229 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
              "refsource": "MLIST",
              "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"
            },
            {
              "name": "1035122",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035122"
            },
            {
              "name": "SUSE-SU-2016:0854",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
            },
            {
              "name": "83726",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/83726"
            },
            {
              "name": "openSUSE-SU-2016:0835",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
            },
            {
              "name": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",
              "refsource": "CONFIRM",
              "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2097",
    "datePublished": "2016-04-07T23:00:00.000Z",
    "dateReserved": "2016-01-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:17:50.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7581 (GCVE-0-2015-7581)

Vulnerability from cvelistv5 – Published: 2016-02-16 02:00 – Updated: 2024-08-06 07:51

Summary

actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://groups.google.com/forum/message/raw?msg=r…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/0…	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securitytracker.com/id/1034816	vdb-entryx_refsource_SECTRACK
	http://www.debian.org/security/2016/dsa-3464	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-0296.html	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/81677	vdb-entryx_refsource_BID

Date Public ?

2016-01-25 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[ruby-security-ann] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ"
          },
          {
            "name": "openSUSE-SU-2016:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
          },
          {
            "name": "[oss-security] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/25/16"
          },
          {
            "name": "FEDORA-2016-94e71ee673",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
          },
          {
            "name": "FEDORA-2016-f486068393",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
          },
          {
            "name": "SUSE-SU-2016:1146",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
          },
          {
            "name": "1034816",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034816"
          },
          {
            "name": "DSA-3464",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3464"
          },
          {
            "name": "RHSA-2016:0296",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
          },
          {
            "name": "81677",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81677"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application\u0027s use of a wildcard controller route."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-09T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[ruby-security-ann] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ"
        },
        {
          "name": "openSUSE-SU-2016:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
        },
        {
          "name": "[oss-security] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/25/16"
        },
        {
          "name": "FEDORA-2016-94e71ee673",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
        },
        {
          "name": "FEDORA-2016-f486068393",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
        },
        {
          "name": "SUSE-SU-2016:1146",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
        },
        {
          "name": "1034816",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034816"
        },
        {
          "name": "DSA-3464",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3464"
        },
        {
          "name": "RHSA-2016:0296",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
        },
        {
          "name": "81677",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81677"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-7581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application\u0027s use of a wildcard controller route."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[ruby-security-ann] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
              "refsource": "MLIST",
              "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ"
            },
            {
              "name": "openSUSE-SU-2016:0372",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
            },
            {
              "name": "[oss-security] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/25/16"
            },
            {
              "name": "FEDORA-2016-94e71ee673",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
            },
            {
              "name": "FEDORA-2016-f486068393",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
            },
            {
              "name": "SUSE-SU-2016:1146",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
            },
            {
              "name": "1034816",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034816"
            },
            {
              "name": "DSA-3464",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3464"
            },
            {
              "name": "RHSA-2016:0296",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
            },
            {
              "name": "81677",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81677"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-7581",
    "datePublished": "2016-02-16T02:00:00.000Z",
    "dateReserved": "2015-09-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T07:51:28.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2016:0454

CVE-2016-2098 (GCVE-0-2016-2098)

CVE-2016-0752 (GCVE-0-2016-0752)

CVE-2015-7577 (GCVE-0-2015-7577)

CVE-2015-7576 (GCVE-0-2015-7576)

CVE-2016-0751 (GCVE-0-2016-0751)

CVE-2016-2097 (GCVE-0-2016-2097)

CVE-2015-7581 (GCVE-0-2015-7581)

Tags

Sightings

Nomenclature