{ "threat_severity" : "Moderate", "public_date" : "2012-05-04T00:00:00Z", "bugzilla" : { "description" : "rubygem-rack: Rack::Auth:: AbstractRequest DoS", "id" : "895384", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=895384" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"" ], "affected_release" : [ { "product_name" : "CloudForms for RHEL 6", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0548", "cpe" : "cpe:/a:cloudforms_cloudengine:1::el6", "package" : "rubygem-activesupport-1:3.0.10-10.el6cf" }, { "product_name" : "CloudForms for RHEL 6", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0548", "cpe" : "cpe:/a:cloudforms_cloudengine:1::el6", "package" : "rubygem-delayed_job-0:2.1.4-3.el6cf" }, { "product_name" : "CloudForms for RHEL 6", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0548", "cpe" : "cpe:/a:cloudforms_cloudengine:1::el6", "package" : "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf" }, { "product_name" : "CloudForms for RHEL 6", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0548", "cpe" : "cpe:/a:cloudforms_cloudengine:1::el6", "package" : "rubygem-rack-1:1.3.0-3.el6cf" }, { "product_name" : "CloudForms for RHEL 6", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0548", "cpe" : "cpe:/a:cloudforms_cloudengine:1::el6", "package" : "rubygem-rails_warden-0:0.5.5-2.el6cf" }, { "product_name" : "CloudForms for RHEL 6", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0548", "cpe" : "cpe:/a:cloudforms_cloudengine:1::el6", "package" : "rubygem-rdoc-0:3.8-6.el6cf" }, { "product_name" : "CloudForms for RHEL 6", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0548", "cpe" : "cpe:/a:cloudforms_cloudengine:1::el6", "package" : "rubygem-rspec-rails-0:2.6.1-7.el6cf" }, { "product_name" : "CloudForms for RHEL 6", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0548", "cpe" : "cpe:/a:cloudforms_cloudengine:1::el6", "package" : "rubygem-ruby_parser-0:2.0.4-6.el6cf" }, { "product_name" : "CloudForms for RHEL 6", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0548", "cpe" : "cpe:/a:cloudforms_cloudengine:1::el6", "package" : "rubygem-shoulda-0:2.11.3-5.el6cf" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "apache-commons-codec-0:1.7-2.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "candlepin-0:0.7.23-1.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "elasticsearch-0:0.19.9-5.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "katello-0:1.2.1-15h.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "katello-certs-tools-0:1.2.1-1h.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "katello-cli-0:1.2.1-12h.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "katello-configure-0:1.2.3-3h.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "katello-selinux-0:1.2.1-2h.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "lucene3-0:3.6.1-10h.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "puppet-0:2.6.17-2.el6cf" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "quartz-0:2.1.5-4.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "rubygem-activesupport-1:3.0.10-10.el6cf" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "rubygem-apipie-rails-0:0.0.12-2.el6cf" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "rubygem-ldap_fluff-0:0.1.3-1.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "rubygem-mail-0:2.3.0-3.el6cf" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "rubygem-rack-1:1.3.0-3.el6cf" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "rubygem-ruby_parser-0:2.0.4-6.el6cf" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "sigar-0:1.6.5-0.12.git58097d9h.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "snappy-java-0:1.0.4-2.el6_3" }, { "product_name" : "Red Hat Subscription Asset Manager 1.2", "release_date" : "2013-02-21T00:00:00Z", "advisory" : "RHSA-2013:0544", "cpe" : "cpe:/a:rhel_sam:1.2::el6", "package" : "thumbslug-0:0.0.28-1.el6_3" } ], "package_state" : [ { "product_name" : "OpenShift Enterprise 1", "fix_state" : "Will not fix", "package_name" : "rubygem193-rack", "cpe" : "cpe:/a:redhat:openshift:1" }, { "product_name" : "OpenShift Enterprise 1", "fix_state" : "Will not fix", "package_name" : "rubygem-rack", "cpe" : "cpe:/a:redhat:openshift:1" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Affected", "package_name" : "rubygem-rack", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-0184\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0184" ], "name" : "CVE-2013-0184", "csaw" : false }