Oval Definition:	oval:com.ubuntu.precise:def:20160752000
Revision Date: 2016-02-15 Version: 1 Title: CVE-2016-0752 on Ubuntu 12.04 LTS (precise) - medium. Description: Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. Family: unix Class: vulnerability Status: Reference(s): CVE-2016-0752 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND Package Information NOT While related to the CVE in some way, the 'rails' package in precise is not affected (note: 'contains no code'). OR The vulnerability of the 'ruby-actionpack-2.3' package in precise is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'ruby-activerecord-2.3' package in precise is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'ruby-activesupport-2.3' package in precise is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'ruby-rails-2.3' package in precise is not known (status: 'needs-triage'). It is pending evaluation.
BACK