OVAL Reference oval:com.ubuntu.cosmic:def:2018164770000000

Oval Definition:

oval:com.ubuntu.cosmic:def:2018164770000000

Revision Date:	2018-11-30	Version:	1
Title:	CVE-2018-16477 on Ubuntu 18.10 (cosmic) - medium.
Description:	A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2018-16477
Platform(s):	Ubuntu 18.10	Product(s):
Definition Synopsis
Ubuntu 18.10 (cosmic) is installed. AND Package Information NOT rails package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present'). OR NOT ruby-actionmailer package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present'). OR NOT ruby-actionpack package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present'). OR NOT ruby-actionview package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present'). OR NOT ruby-activejob package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present'). OR NOT ruby-activemodel package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present'). OR NOT ruby-activerecord package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present'). OR NOT ruby-activesupport package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present'). OR NOT ruby-rails package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present'). OR NOT ruby-railties package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present').

BACK