OVAL Reference oval:com.ubuntu.bionic:def:201364170000000

Oval Definition:

oval:com.ubuntu.bionic:def:201364170000000

Revision Date:	2013-12-06	Version:	1
Title:	CVE-2013-6417 on Ubuntu 18.04 LTS (bionic) - medium.
Description:	actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2013-6417
Platform(s):	Ubuntu 18.04 LTS	Product(s):
Definition Synopsis
Ubuntu 18.04 LTS (bionic) is installed. AND Package Information NOT rails package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code'). OR NOT ruby-actionmailer package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code'). OR NOT ruby-actionpack package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code'). OR NOT ruby-actionview package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code'). OR NOT ruby-activejob package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code'). OR NOT ruby-activemodel package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code'). OR NOT ruby-activerecord package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code'). OR NOT ruby-activesupport package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code'). OR NOT ruby-rails package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code'). OR NOT ruby-railties package in bionic, while related to the CVE in some way, is not affected (note: 'contains no code').

BACK