IBM Security Bulletin: IBM License Metric Tool v9 is vulnerable to two attacks on Ruby on Rails component - CVE-2014-0130, CVE-2014-7829
System information
Affected software | IBM
Description
IBM License Metric Tool v9 is affected by two vulnerabilities in the Ruby on Rails framework. Ruby on Rails handles, among other things, the network communications of the IBM License Metric Tool v9 server. CVE-2014-0130 allows an unauthorized attacker to read any file from the machine that is hosting the IBM License Metric Tool v9 server, using a specially prepared HTTP request. CVE-2014-7829 allows an unauthorized attacker to determine whether a given file exists on the machine that is hosting IBM License
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_license_metric_tool_v9_is_vulnerable_to_two_attacks_on_ruby_on_rails_component_cve_2014_0130_cve_2014_7829?lang=en_us
Standard resources
Property | Value
CVE | CVE-2014-0130, CVE-2014-7829, CVE-2014-6457 and CVE-2015-0138.