Oval Definition:	oval:com.ubuntu.trusty:def:20162097000
Revision Date: 2016-04-07 Version: 1 Title: CVE-2016-2097 on Ubuntu 14.04 LTS (trusty) - medium. Description: Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752. Family: unix Class: vulnerability Status: Reference(s): CVE-2016-2097 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND Package Information NOT While related to the CVE in some way, the 'rails' package in trusty is not affected (note: 'contains no code'). OR The 'rails-4.0' package in trusty is affected and needs fixing. OR The 'ruby-actionpack-3.2' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'ruby-activemodel-3.2' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'ruby-activerecord-3.2' package in trusty is not affected (note: 'code not present'). OR NOT While related to the CVE in some way, the 'ruby-activesupport-3.2' package in trusty is not affected (note: 'code not present'). OR The vulnerability of the 'ruby-rails-3.2' package in trusty is not known (status: 'needs-triage'). It is pending evaluation.
BACK