Oval Definition:	oval:com.ubuntu.trusty:def:20131854000
Revision Date: 2013-03-19 Version: 1 Title: CVE-2013-1854 on Ubuntu 14.04 LTS (trusty) - medium. Description: The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. Family: unix Class: vulnerability Status: Reference(s): CVE-2013-1854 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND Package Information NOT While related to the CVE in some way, the 'rails' package in trusty is not affected (note: 'contains no code'). OR NOT While related to the CVE in some way, the 'ruby-actionpack-3.2' package in trusty is not affected. OR The 'ruby-activerecord-3.2' package in trusty was vulnerable but has been fixed (note: '3.2.6-5'). OR NOT While related to the CVE in some way, the 'ruby-activesupport-3.2' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'ruby-rails-3.2' package in trusty is not affected.
BACK