{
  "threat_severity" : "Moderate",
  "public_date" : "2014-02-18T00:00:00Z",
  "bugzilla" : {
    "description" : "rubygem-actionpack: Action View string handling denial of service",
    "id" : "1065538",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1065538"
  },
  "cvss" : {
    "cvss_base_score" : "5.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "details" : [ "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers." ],
  "statement" : "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.",
  "acknowledgement" : "Red Hat would like to thank Ruby on Rails Project for reporting this issue. Upstream acknowledges Toby Hsieh (SlideShare) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "cfme-0:5.2.2.3-1.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-ruby-0:1.9.3.448-40.1.el6"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-actionpack-1:3.2.13-5.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-bunny-0:1.0.7-1.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-excon-0:0.31.0-1.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-fog-0:1.19.0-1.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-03-11T00:00:00Z",
    "advisory" : "RHSA-2014:0215",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf"
  }, {
    "product_name" : "Red Hat Software Collections for RHEL-6",
    "release_date" : "2014-03-17T00:00:00Z",
    "advisory" : "RHSA-2014:0306",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "ruby193-rubygem-actionpack-1:3.2.8-5.3.el6"
  } ],
  "package_state" : [ {
    "product_name" : "OpenShift Enterprise 1",
    "fix_state" : "Will not fix",
    "package_name" : "ruby193-rubygem-actionpack",
    "cpe" : "cpe:/a:redhat:openshift:1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 3",
    "fix_state" : "Affected",
    "package_name" : "ruby193-rubygem-actionpack",
    "cpe" : "cpe:/a:redhat:openstack:3"
  }, {
    "product_name" : "Red Hat OpenStack Platform 4",
    "fix_state" : "Affected",
    "package_name" : "ruby193-rubygem-actionpack",
    "cpe" : "cpe:/a:redhat:openstack:4"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Affected",
    "package_name" : "ruby193-rubygem-actionpack",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "ror40-rubygem-actionpack",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1"
  }, {
    "product_name" : "Red Hat Subscription Asset Manager",
    "fix_state" : "Will not fix",
    "package_name" : "ruby193-rubygem-actionpack",
    "cpe" : "cpe:/a:rhel_sam:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-0082\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0082" ],
  "name" : "CVE-2014-0082",
  "csaw" : false
}