Novell Home

CVE-2011-0449

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-0449 at MITRE

Description

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 668817

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Studio Standard Edition 1.2
  • rubygem-actionmailer-2_3 >= 2.3.14-0.7.4.3
  • rubygem-actionpack-2_3 >= 2.3.14-0.7.4.3
  • rubygem-activerecord-2_3 >= 2.3.14-0.7.4.3
  • rubygem-activeresource-2_3 >= 2.3.14-0.7.4.3
  • rubygem-activesupport-2_3 >= 2.3.14-0.7.4.3
  • rubygem-rack >= 1.1.2-0.8.8.3
  • rubygem-rails >= 2.3.14-0.8.6.1
  • rubygem-rails-2_3 >= 2.3.14-0.7.4.3
Builds
SAT Patch Nr: 5884
SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
WebYaST 1.2
  • rubygem-actionmailer-2_3 >= 2.3.14-0.7.4.3
  • rubygem-actionpack-2_3 >= 2.3.14-0.7.4.3
  • rubygem-activerecord-2_3 >= 2.3.14-0.7.4.3
  • rubygem-activeresource-2_3 >= 2.3.14-0.7.4.3
  • rubygem-activesupport-2_3 >= 2.3.14-0.7.4.3
  • rubygem-rack >= 1.1.2-0.8.8.3
  • rubygem-rails-2_3 >= 2.3.14-0.7.4.3
Builds
SAT Patch Nr: 5884
openSUSE 11.3
  • rubygem-actionmailer >= 2.3.14-0.3.1
  • rubygem-actionmailer-2_3 >= 2.3.14-0.3.1
  • rubygem-actionpack >= 2.3.14-0.3.1
  • rubygem-actionpack-2_3 >= 2.3.14-0.2.1
  • rubygem-activerecord >= 2.3.14-0.3.1
  • rubygem-activerecord-2_3 >= 2.3.14-0.3.1
  • rubygem-activeresource >= 2.3.14-0.3.1
  • rubygem-activeresource-2_3 >= 2.3.14-0.3.1
  • rubygem-activesupport >= 2.3.14-0.3.1
  • rubygem-activesupport-2_3 >= 2.3.14-0.3.1
  • rubygem-rack >= 1.1.2-0.3.1
  • rubygem-rails >= 2.3.14-0.3.1
  • rubygem-rails-2_3 >= 2.3.14-0.3.1
openSUSE 11.4
  • rubygem-actionmailer >= 2.3.14-0.3.1
  • rubygem-actionmailer-2_3 >= 2.3.14-0.3.1
  • rubygem-actionmailer-2_3-doc >= 2.3.14-0.3.1
  • rubygem-actionmailer-2_3-testsuite >= 2.3.14-0.3.1
  • rubygem-actionpack >= 2.3.14-0.3.1
  • rubygem-actionpack-2_3 >= 2.3.14-0.3.1
  • rubygem-actionpack-2_3-doc >= 2.3.14-0.3.1
  • rubygem-actionpack-2_3-testsuite >= 2.3.14-0.3.1
  • rubygem-activerecord >= 2.3.14-0.3.1
  • rubygem-activerecord-2_3 >= 2.3.14-0.3.1
  • rubygem-activerecord-2_3-doc >= 2.3.14-0.3.1
  • rubygem-activerecord-2_3-testsuite >= 2.3.14-0.3.1
  • rubygem-activeresource >= 2.3.14-0.3.1
  • rubygem-activeresource-2_3 >= 2.3.14-0.3.1
  • rubygem-activeresource-2_3-doc >= 2.3.14-0.3.1
  • rubygem-activeresource-2_3-testsuite >= 2.3.14-0.3.1
  • rubygem-activesupport >= 2.3.14-0.3.1
  • rubygem-activesupport-2_3 >= 2.3.14-0.3.1
  • rubygem-activesupport-2_3-doc >= 2.3.14-0.3.1
  • rubygem-rack >= 1.1.2-0.3.1
  • rubygem-rails >= 2.3.14-0.3.1
  • rubygem-rails-2_3 >= 2.3.14-0.3.1
  • rubygem-rails-2_3-doc >= 2.3.14-0.3.1

© 2014 Novell