
CVE ID: CVE-2016-2097
Description: Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
Test IDs: 1.3.6.1.4.1.25623.1.0.809355   1.3.6.1.4.1.25623.1.0.809354
Cross-references: Common Vulnerability Exposure (CVE) ID: CVE-2016-2097
BugTraq ID: 83726
http://www.securityfocus.com/bid/83726
Debian Security Information: DSA-3509
http://www.debian.org/security/2016/dsa-3509
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
http://www.securitytracker.com/id/1035122
SuSE Security Announcement: SUSE-SU-2016:0854
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
SuSE Security Announcement: SUSE-SU-2016:0967
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
SuSE Security Announcement: openSUSE-SU-2016:0835
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html




© 1998-2020 E-Soft Inc. All rights reserved.