OVAL Reference oval:org.opensuse.security:def:20147819

Oval Definition:

oval:org.opensuse.security:def:20147819

Revision Date:	2021-08-15	Version:	1
Title:	CVE-2014-7819
Description:	Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2014-7819 Mitre CVE-2014-7819 SUSE CVE-2014-7819 openSUSE-SU-2014:1502-1 openSUSE-SU-2014:1502-1 openSUSE-SU-2014:1504-1 openSUSE-SU-2014:1504-1 openSUSE-SU-2014:1513-1 openSUSE-SU-2014:1513-1 openSUSE-SU-2014:1514-1 openSUSE-SU-2014:1514-1 SUSE-SU-2014:1609-1 SUSE-SU-2014:1609-1 SUSE-SU-2014:1609-2 SUSE-SU-2014:1609-2 SUSE-SU-2015:0787-1 SUSE-SU-2015:0787-1 SUSE-SU-2015:0863-1 SUSE-SU-2015:0863-1
Platform(s):	openSUSE 12.3 Update openSUSE 13.1 openSUSE 13.2 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE OpenStack Cloud 5 SUSE OpenStack Cloud 6	Product(s):
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND rubygem-sprockets-2_2-2.2.1-0.7.11 is installed
Definition Synopsis
SUSE OpenStack Cloud 5 is installed AND ruby2.1-rubygem-sprockets-2_11-2.11.0-0.9 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND ruby2.1-rubygem-sprockets-2_11-2.11.3-1 is installed
Definition Synopsis
openSUSE 13.1 is installed AND Package Information rubygem-sprockets-2.10.0-2.4.1 is installed OR rubygem-sprockets-2_1-2.1.3-6.4.1 is installed OR rubygem-sprockets-2_1-doc-2.1.3-6.4.1 is installed OR rubygem-sprockets-2_2-2.2.2-5.4.1 is installed OR rubygem-sprockets-2_2-doc-2.2.2-5.4.1 is installed OR rubygem-sprockets-doc-2.10.0-2.4.1 is installed
Definition Synopsis
openSUSE 13.2 is installed AND Package Information rubygem-sprockets-2.12.1-2.4.1 is installed OR rubygem-sprockets-2_1-2.1.3-8.4.1 is installed OR rubygem-sprockets-2_1-doc-2.1.3-8.4.1 is installed OR rubygem-sprockets-2_2-2.2.2-8.4.1 is installed OR rubygem-sprockets-2_2-doc-2.2.2-8.4.1 is installed OR rubygem-sprockets-doc-2.12.1-2.4.1 is installed OR rubygem-tilt-1_4-1.4.1-2.1 is installed OR rubygem-tilt-1_4-doc-1.4.1-2.1 is installed OR rubygem-tilt-1_4-testsuite-1.4.1-2.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND rubygem-sprockets-2_2-2.2.1-0.7.11.1 is installed

BACK