Oval Definition: oval:org.opensuse.security:def:201816471
Revision Date: 2022-06-30
Version: 1
Title: CVE-2018-16471
Description:

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them, may be vulnerable.
Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2018-16471
SUSE-SU-2019:1440-1
SUSE-SU-2020:0359-1
openSUSE-SU-2019:1553-1
openSUSE-SU-2020:0214-1
Mitre CVE-2018-16471
SUSE CVE-2018-16471
Platform(s): openSUSE Leap 15.1
openSUSE Leap 42.3
openSUSE Tumbleweed
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15 SP1
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND ruby2.1-rubygem-rack-1.6.11-3.3.1 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND ruby2.1-rubygem-rack-1.6.11-3.3.1 is installed
  • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • ruby2.1-rubygem-rack-1.6.11-7.3 is installed
  • AND ruby2.1-rubygem-rack is signed with openSUSE key
  • OR
  • ruby2.1-rubygem-rack-doc-1.6.11-7.3 is installed
  • AND ruby2.1-rubygem-rack-doc is signed with openSUSE key
  • OR
  • ruby2.1-rubygem-rack-testsuite-1.6.11-7.3 is installed
  • AND ruby2.1-rubygem-rack-testsuite is signed with openSUSE key
  • OR
  • ruby2.2-rubygem-rack-1.6.11-7.3 is installed
  • AND ruby2.2-rubygem-rack is signed with openSUSE key
  • OR
  • ruby2.2-rubygem-rack-doc-1.6.11-7.3 is installed
  • AND ruby2.2-rubygem-rack-doc is signed with openSUSE key
  • OR
  • ruby2.2-rubygem-rack-testsuite-1.6.11-7.3 is installed
  • AND ruby2.2-rubygem-rack-testsuite is signed with openSUSE key
  • OR
  • ruby2.3-rubygem-rack-1.6.11-7.3 is installed
  • AND ruby2.3-rubygem-rack is signed with openSUSE key
  • OR
  • ruby2.3-rubygem-rack-doc-1.6.11-7.3 is installed
  • AND ruby2.3-rubygem-rack-doc is signed with openSUSE key
  • OR
  • ruby2.3-rubygem-rack-testsuite-1.6.11-7.3 is installed
  • AND ruby2.3-rubygem-rack-testsuite is signed with openSUSE key
  • OR
  • ruby2.4-rubygem-rack-1.6.11-7.3 is installed
  • AND ruby2.4-rubygem-rack is signed with openSUSE key
  • OR
  • ruby2.4-rubygem-rack-doc-1.6.11-7.3 is installed
  • AND ruby2.4-rubygem-rack-doc is signed with openSUSE key
  • OR
  • ruby2.4-rubygem-rack-testsuite-1.6.11-7.3 is installed
  • AND ruby2.4-rubygem-rack-testsuite is signed with openSUSE key
  • OR
  • rubygem-rack-1.6.11-7.3 is installed
  • AND rubygem-rack is signed with openSUSE key
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND ruby2.1-rubygem-rack is affected
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND
  • ruby2.5-rubygem-rack-doc-2.0.8-3.3 is installed
  • OR ruby2.5-rubygem-rack-testsuite-2.0.8-3.3 is installed
  • OR rubygem-rack-2.0.8-3.3 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Availability 15 is installed
  • OR SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND
  • ruby2.5-rubygem-rack-2.0.8-3.3 is installed
  • OR rubygem-rack-2.0.8-3.3 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • ruby2.5-rubygem-rack-2.0.8-lp151.3.3 is installed
  • AND ruby2.5-rubygem-rack is signed with openSUSE key
  • OR
  • ruby2.5-rubygem-rack-doc-2.0.8-lp151.3.3 is installed
  • AND ruby2.5-rubygem-rack-doc is signed with openSUSE key
  • OR
  • ruby2.5-rubygem-rack-testsuite-2.0.8-lp151.3.3 is installed
  • AND ruby2.5-rubygem-rack-testsuite is signed with openSUSE key
  • OR
  • rubygem-rack-2.0.8-lp151.3.3 is installed
  • AND rubygem-rack is signed with openSUSE key
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • ruby2.5-rubygem-rack-doc-2.0.8-3.3 is installed
  • OR ruby2.5-rubygem-rack-testsuite-2.0.8-3.3 is installed
  • OR rubygem-rack-2.0.8-3.3 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND
  • ruby2.5-rubygem-rack-doc-2.0.8-3.3 is installed
  • OR ruby2.5-rubygem-rack-testsuite-2.0.8-3.3 is installed
  • OR rubygem-rack-2.0.8-3.3 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND
  • ruby2.5-rubygem-rack-2.0.8-3.3 is installed
  • OR rubygem-rack-2.0.8-3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND ruby2.5-rubygem-rack-2.0.8-3.3.1 is installed
  • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • ruby2.7-rubygem-rack-2.2.3-1.7 is installed
  • OR ruby2.7-rubygem-rack-2.0-2.0.9-1.10 is installed
  • OR ruby3.0-rubygem-rack-2.2.3-1.7 is installed
  • OR ruby3.0-rubygem-rack-2.0-2.0.9-1.10 is installed
  • OR ruby3.1-rubygem-rack-2.2.3.1-1.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 15 is installed
  • OR SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND ruby2.5-rubygem-rack-2.0.8-3.3.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
  • OR SUSE Linux Enterprise Server 15 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • OR SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • OR SUSE Manager Server 4.0 is installed
  • AND ruby2.5-rubygem-rack-2.0.8-3.3.1 is installed