Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0074)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0074

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0074)

Resumen: The remote host is missing an update for the 'ruby-sprockets' package(s) announced via the MGASA-2015-0074 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ruby-sprockets' package(s) announced via the MGASA-2015-0074 advisory.

Vulnerability Insight:
Updated ruby-sprockets packages fix security vulnerabilities:

Multiple directory traversal vulnerabilities in server.rb in Sprockets 2.12.x
before 2.12.3, allow remote attackers to determine the existence of files
outside the application root via a ../ (dot dot slash) sequence with double
slashes or URL encoding (CVE-2014-7819).

Affected Software/OS:
'ruby-sprockets' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-7819
[rubyonrails-security] 20141030 Arbitrary file existence disclosure in Sprockets (CVE-2014-7819)
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ
[rubyonrails-security] 20141030 [AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ
openSUSE-SU-2014:1502
http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html
openSUSE-SU-2014:1504
http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html
openSUSE-SU-2014:1513
http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html
openSUSE-SU-2014:1514
http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0074
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0074)
Resumen:	The remote host is missing an update for the 'ruby-sprockets' package(s) announced via the MGASA-2015-0074 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby-sprockets' package(s) announced via the MGASA-2015-0074 advisory. Vulnerability Insight: Updated ruby-sprockets packages fix security vulnerabilities: Multiple directory traversal vulnerabilities in server.rb in Sprockets 2.12.x before 2.12.3, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with double slashes or URL encoding (CVE-2014-7819). Affected Software/OS: 'ruby-sprockets' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-7819 [rubyonrails-security] 20141030 Arbitrary file existence disclosure in Sprockets (CVE-2014-7819) https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ [rubyonrails-security] 20141030 [AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ openSUSE-SU-2014:1502 http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html openSUSE-SU-2014:1504 http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html openSUSE-SU-2014:1513 http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html openSUSE-SU-2014:1514 http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html
Copyright	Copyright (C) 2022 Greenbone AG