Upstream information
CVE-2011-0447 at MITRE
Description
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.
NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Novell/SUSE information
Novell Bugzilla entry:
668817
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Studio Standard Edition 1.2 | rubygem-actionmailer-2_3 >= 2.3.14-0.7.4.3rubygem-actionpack-2_3 >= 2.3.14-0.7.4.3rubygem-activerecord-2_3 >= 2.3.14-0.7.4.3rubygem-activeresource-2_3 >= 2.3.14-0.7.4.3rubygem-activesupport-2_3 >= 2.3.14-0.7.4.3rubygem-rack >= 1.1.2-0.8.8.3rubygem-rails >= 2.3.14-0.8.6.1rubygem-rails-2_3 >= 2.3.14-0.7.4.3
| Builds
SAT Patch Nr: 5884 |
SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
WebYaST 1.2 | rubygem-actionmailer-2_3 >= 2.3.14-0.7.4.3rubygem-actionpack-2_3 >= 2.3.14-0.7.4.3rubygem-activerecord-2_3 >= 2.3.14-0.7.4.3rubygem-activeresource-2_3 >= 2.3.14-0.7.4.3rubygem-activesupport-2_3 >= 2.3.14-0.7.4.3rubygem-rack >= 1.1.2-0.8.8.3rubygem-rails-2_3 >= 2.3.14-0.7.4.3
| Builds
SAT Patch Nr: 5884 |
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP2 | rubygem-actionpack-2_1 >= 2.1.2-1.12.2rubygem-activerecord-2_1 >= 2.1.2-1.4.5
| sle11-sp2-sdk.ia64
sle11-sp2-sdk.s390x
sle11-sp2-sdk.x86-64
sle11-sp1-sdk.s390x
sle11-sp1-sdk.x86-64
sle11-sp1-sdk.x86
sle11-sp2-sdk.ppc
sle11-sp1-sdk.ia64
sle11-sp1-sdk.ppc
sle11-sp2-sdk.x86
SAT Patch Nr: 5875 |
| openSUSE 11.3 | rubygem-actionmailer >= 2.3.14-0.3.1rubygem-actionmailer-2_3 >= 2.3.14-0.3.1rubygem-actionpack >= 2.3.14-0.3.1rubygem-actionpack-2_3 >= 2.3.14-0.2.1rubygem-activerecord >= 2.3.14-0.3.1rubygem-activerecord-2_3 >= 2.3.14-0.3.1rubygem-activeresource >= 2.3.14-0.3.1rubygem-activeresource-2_3 >= 2.3.14-0.3.1rubygem-activesupport >= 2.3.14-0.3.1rubygem-activesupport-2_3 >= 2.3.14-0.3.1rubygem-rack >= 1.1.2-0.3.1rubygem-rails >= 2.3.14-0.3.1rubygem-rails-2_3 >= 2.3.14-0.3.1
| |
| openSUSE 11.4 | rubygem-actionmailer >= 2.3.14-0.3.1rubygem-actionmailer-2_3 >= 2.3.14-0.3.1rubygem-actionmailer-2_3-doc >= 2.3.14-0.3.1rubygem-actionmailer-2_3-testsuite >= 2.3.14-0.3.1rubygem-actionpack >= 2.3.14-0.3.1rubygem-actionpack-2_3 >= 2.3.14-0.3.1rubygem-actionpack-2_3-doc >= 2.3.14-0.3.1rubygem-actionpack-2_3-testsuite >= 2.3.14-0.3.1rubygem-activerecord >= 2.3.14-0.3.1rubygem-activerecord-2_3 >= 2.3.14-0.3.1rubygem-activerecord-2_3-doc >= 2.3.14-0.3.1rubygem-activerecord-2_3-testsuite >= 2.3.14-0.3.1rubygem-activeresource >= 2.3.14-0.3.1rubygem-activeresource-2_3 >= 2.3.14-0.3.1rubygem-activeresource-2_3-doc >= 2.3.14-0.3.1rubygem-activeresource-2_3-testsuite >= 2.3.14-0.3.1rubygem-activesupport >= 2.3.14-0.3.1rubygem-activesupport-2_3 >= 2.3.14-0.3.1rubygem-activesupport-2_3-doc >= 2.3.14-0.3.1rubygem-rack >= 1.1.2-0.3.1rubygem-rails >= 2.3.14-0.3.1rubygem-rails-2_3 >= 2.3.14-0.3.1rubygem-rails-2_3-doc >= 2.3.14-0.3.1
| |
