Lucene search
HistoryNov 18, 2014 - 11:59 p.m.
CVE-2014-7829
cve-2014-7829
directory traversal
action pack
ruby on rails
remote attackers
cve-2014-7818
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.0%
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.
Affected configurations
Node
opensuseopensuseMatch12.3
ORopensuseopensuseMatch13.1
ORopensuseopensuseMatch13.2
Node
rubyonrailsrailsMatch3.0.0
ORrubyonrailsrailsMatch3.0.0beta
ORrubyonrailsrailsMatch3.0.0beta2
ORrubyonrailsrailsMatch3.0.0beta3
ORrubyonrailsrailsMatch3.0.0beta4
ORrubyonrailsrailsMatch3.0.0rc
ORrubyonrailsrailsMatch3.0.0rc2
ORrubyonrailsrailsMatch3.0.1
ORrubyonrailsrailsMatch3.0.1pre
ORrubyonrailsrailsMatch3.0.2
ORrubyonrailsrailsMatch3.0.2pre
ORrubyonrailsrailsMatch3.0.3
ORrubyonrailsrailsMatch3.0.4rc1
ORrubyonrailsrailsMatch3.0.5
ORrubyonrailsrailsMatch3.0.5rc1
ORrubyonrailsrailsMatch3.0.6
ORrubyonrailsrailsMatch3.0.6rc1
ORrubyonrailsrailsMatch3.0.6rc2
ORrubyonrailsrailsMatch3.0.7
ORrubyonrailsrailsMatch3.0.7rc1
ORrubyonrailsrailsMatch3.0.7rc2
ORrubyonrailsrailsMatch3.0.8
ORrubyonrailsrailsMatch3.0.8rc1
ORrubyonrailsrailsMatch3.0.8rc2
ORrubyonrailsrailsMatch3.0.8rc3
ORrubyonrailsrailsMatch3.0.8rc4
ORrubyonrailsrailsMatch3.0.9
ORrubyonrailsrailsMatch3.0.9rc1
ORrubyonrailsrailsMatch3.0.9rc2
ORrubyonrailsrailsMatch3.0.9rc3
ORrubyonrailsrailsMatch3.0.9rc4
ORrubyonrailsrailsMatch3.0.9rc5
ORrubyonrailsrailsMatch3.0.10
ORrubyonrailsrailsMatch3.0.10rc1
ORrubyonrailsrailsMatch3.0.11
ORrubyonrailsrailsMatch3.0.12
ORrubyonrailsrailsMatch3.0.12rc1
ORrubyonrailsrailsMatch3.0.13
ORrubyonrailsrailsMatch3.0.13rc1
ORrubyonrailsrailsMatch3.0.14
ORrubyonrailsrailsMatch3.0.16
ORrubyonrailsrailsMatch3.0.17
ORrubyonrailsrailsMatch3.0.18
ORrubyonrailsrailsMatch3.0.19
ORrubyonrailsrailsMatch3.0.20
ORrubyonrailsrailsMatch3.1.0
ORrubyonrailsrailsMatch3.1.0beta1
ORrubyonrailsrailsMatch3.1.0rc1
ORrubyonrailsrailsMatch3.1.0rc2
ORrubyonrailsrailsMatch3.1.0rc3
ORrubyonrailsrailsMatch3.1.0rc4
ORrubyonrailsrailsMatch3.1.0rc5
ORrubyonrailsrailsMatch3.1.0rc6
ORrubyonrailsrailsMatch3.1.0rc7
ORrubyonrailsrailsMatch3.1.0rc8
ORrubyonrailsrailsMatch3.1.1
ORrubyonrailsrailsMatch3.1.1rc1
ORrubyonrailsrailsMatch3.1.1rc2
ORrubyonrailsrailsMatch3.1.1rc3
ORrubyonrailsrailsMatch3.1.2
ORrubyonrailsrailsMatch3.1.2rc1
ORrubyonrailsrailsMatch3.1.2rc2
ORrubyonrailsrailsMatch3.1.3
ORrubyonrailsrailsMatch3.1.4
ORrubyonrailsrailsMatch3.1.4rc1
ORrubyonrailsrailsMatch3.1.5
ORrubyonrailsrailsMatch3.1.5rc1
ORrubyonrailsrailsMatch3.1.6
ORrubyonrailsrailsMatch3.1.7
ORrubyonrailsrailsMatch3.1.8
ORrubyonrailsrailsMatch3.1.9
ORrubyonrailsrailsMatch3.1.10
ORrubyonrailsrailsMatch3.2.0
ORrubyonrailsrailsMatch3.2.0rc1
ORrubyonrailsrailsMatch3.2.0rc2
ORrubyonrailsrailsMatch3.2.1
ORrubyonrailsrailsMatch3.2.2
ORrubyonrailsrailsMatch3.2.2rc1
ORrubyonrailsrailsMatch3.2.3
ORrubyonrailsrailsMatch3.2.3rc1
ORrubyonrailsrailsMatch3.2.3rc2
ORrubyonrailsrailsMatch3.2.4
ORrubyonrailsrailsMatch3.2.4rc1
ORrubyonrailsrailsMatch3.2.5
ORrubyonrailsrailsMatch3.2.6
ORrubyonrailsrailsMatch3.2.7
ORrubyonrailsrailsMatch3.2.8
ORrubyonrailsrailsMatch3.2.10
ORrubyonrailsrailsMatch3.2.11
ORrubyonrailsrailsMatch3.2.12
ORrubyonrailsrailsMatch3.2.13rc1
ORrubyonrailsrailsMatch3.2.13rc2
ORrubyonrailsrailsMatch3.2.15rc3
ORrubyonrailsrailsMatch3.2.16
ORrubyonrailsrailsMatch3.2.17
ORrubyonrailsrailsMatch3.2.18
ORrubyonrailsrailsMatch4.0.0-
ORrubyonrailsrailsMatch4.0.0beta
ORrubyonrailsrailsMatch4.0.0rc1
ORrubyonrailsrailsMatch4.0.0rc2
ORrubyonrailsrailsMatch4.0.1-
ORrubyonrailsrailsMatch4.0.1rc1
ORrubyonrailsrailsMatch4.0.1rc2
ORrubyonrailsrailsMatch4.0.1rc3
ORrubyonrailsrailsMatch4.0.1rc4
ORrubyonrailsrailsMatch4.0.2
ORrubyonrailsrailsMatch4.0.3
ORrubyonrailsrailsMatch4.0.4
ORrubyonrailsrailsMatch4.0.5
ORrubyonrailsrailsMatch4.0.6
ORrubyonrailsrailsMatch4.0.6rc1
ORrubyonrailsrailsMatch4.0.6rc2
ORrubyonrailsrailsMatch4.0.6rc3
ORrubyonrailsrailsMatch4.0.7
ORrubyonrailsrailsMatch4.0.8
ORrubyonrailsrailsMatch4.0.9
ORrubyonrailsrailsMatch4.0.10
ORrubyonrailsrailsMatch4.0.10rc1
ORrubyonrailsrailsMatch4.1.0-
ORrubyonrailsrailsMatch4.1.0beta1
ORrubyonrailsrailsMatch4.1.1
ORrubyonrailsrailsMatch4.1.2
ORrubyonrailsrailsMatch4.1.2rc1
ORrubyonrailsrailsMatch4.1.2rc2
ORrubyonrailsrailsMatch4.1.2rc3
ORrubyonrailsrailsMatch4.1.3
ORrubyonrailsrailsMatch4.1.4
ORrubyonrailsrailsMatch4.1.5
ORrubyonrailsrailsMatch4.1.6
ORrubyonrailsrailsMatch4.1.6rc1
ORrubyonrailsrailsMatch4.1.7
ORrubyonrailsrailsMatch4.2.0beta1
ORrubyonrailsrailsMatch4.2.0beta2
ORrubyonrailsrailsMatch4.2.0beta3
ORrubyonrailsruby_on_railsMatch3.0.4
ORrubyonrailsruby_on_railsMatch3.2.19
ORrubyonrailsruby_on_railsMatch3.2.20
ORrubyonrailsruby_on_railsMatch4.0.11
| CPE | Name | Operator | Version |
|---|---|---|---|
| opensuse:opensuse | opensuse | eq | 12.3 |
| opensuse:opensuse | opensuse | eq | 13.1 |
| opensuse:opensuse | opensuse | eq | 13.2 |
Related
nessus
nessus
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:1515-1)
2014-11-28 00:00:00
Fedora 20 : rubygem-actionpack-4.0.0-5.fc20 (2014-15371)
2015-03-06 00:00:00
Fedora 21 : rubygem-actionpack-4.1.5-2.fc21 (2014-15342)
2015-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: rubygem-actionpack-4.1.5-2.fc21
2015-02-15 13:58:05
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-5.fc20
2015-03-05 12:31:58
ubuntucve
ubuntucve
CVE-2014-7829
2014-11-18 00:00:00
CVE-2014-7818
2014-11-08 00:00:00
debiancve
debiancve
CVE-2014-7829
2014-11-18 23:59:03
CVE-2014-7818
2014-11-08 11:55:02
nvd
nvd
CVE-2014-7829
2014-11-18 23:59:03
CVE-2014-7818
2014-11-08 11:55:02
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2014-15342
2015-02-16 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2014-15371
2015-03-06 00:00:00
cvelist
cvelist
CVE-2014-7829
2014-11-18 23:00:00
CVE-2014-7818
2014-11-08 11:00:00
osv
osv
Directory traversal vulnerability in actionpack
2017-10-24 18:33:36
actionpack vulnerable to Path Traversal
2017-10-24 18:33:36
prion
prion
Directory traversal
2014-11-18 23:59:00
Directory traversal
2014-11-08 11:55:00
github
github
Directory traversal vulnerability in actionpack
2017-10-24 18:33:36
Moderate severity vulnerability that affects actionpack
2018-09-17 21:54:37
actionpack vulnerable to Path Traversal
2017-10-24 18:33:36
hackerone
hackerone
cve
cve
CVE-2014-7818
2014-11-08 11:55:02
rubygems
rubygems
Arbitrary file existence disclosure in Action Pack
2014-11-16 21:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.0%
Related for CVE-2014-7829