Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2011-0449
HistoryFeb 21, 2011 - 6:00 p.m.

CVE-2011-0449

2011-02-2118:00:01
Debian Security Bug Tracker
security-tracker.debian.org
12

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.8%

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

OSVersionArchitecturePackageVersionFilename
Debian12allrails< 2:6.1.7.3+dfsg-2~deb12u1rails_2:6.1.7.3+dfsg-2~deb12u1_all.deb
Debian11allrails< 2:6.0.3.7+dfsg-2+deb11u2rails_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian999allrails< 2:6.1.7.3+dfsg-3rails_2:6.1.7.3+dfsg-3_all.deb
Debian13allrails< 2:6.1.7.3+dfsg-3rails_2:6.1.7.3+dfsg-3_all.deb

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.8%