Vulnerability Bulletins

IBM Security Bulletin: IBM License Metric Tool v9 is vulnerable to two attacks on Ruby on Rails component - CVE-2014-0130, CVE-2014-7829


System information

   
Affected software IBM

Description

IBM License Metric Tool v9 is vulnerable to two exploits related to the Ruby on Rails framework. Ruby on Rails handles, among other things, the network communications of the IBM License Metric Tool v9 server. CVE-2014-0130 allows an unauthorized attacker to read any file from the machine that is hosting the IBM License Metric Tool v9 server, using a specially prepared HTTP request. CVE-2014-7829 allows an unauthorized attacker to determine whether a given file exists on the machine that is hosting IBM License

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_license_metric_tool_v9_is_vulnerable_to_two_attacks_on_ruby_on_rails_component_cve_2014_0130_cve_2014_7829?lang=en_us

Standard identifiers

Property Value
CVE CVE-2014-0130, CVE-2014-7829, CVE-2014-6457 and CVE-2015-0138.

Version history

Version Comment Date
1.0 Advisory issued 2015-04-18
Ministerio de Defensa
CNI
CCN
CCN-CERT