Lucene search
IBM003F6D8197E2C8C6D47E271106C46B1D63AB86F5735228872D31B0E25E5BDB4BHistoryOct 10, 2019 - 7:56 p.m.
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-5419).
2019-10-1019:56:25
www.ibm.com
13
0.003 Low
EPSS
Percentile
71.4%
Summary
There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool.
Vulnerability Details
CVEID: CVE-2019-5419
DESCRIPTION: Ruby on Rails Action View module is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted accept headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158110> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
IBM License Metric Tool v9.x
Remediation/Fixes
Upgrade to version 9.2.16 or later using the following procedure:
- In IBM Endpoint Manager console, expand **IBM License Reporting (ILMT)**node under Sites node in the tree panel.
- Click Fixlets and Tasks node.Fixlets and Tasks panel will be displayed on the right.
- In the Fixlets and Tasks panel locate _Upgrade to the latest version of IBM License Metric Tool __9.x _fixlet and run it against the computer that hosts your server.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm license metric tool | eq | 9.2 |
Related
ubuntucve
ubuntucve
CVE-2019-5419
2019-03-27 00:00:00
cvelist
cvelist
CVE-2019-5419
2019-03-27 13:43:19
debiancve
debiancve
CVE-2019-5419
2019-03-27 14:29:01
prion
prion
Denial of service
2019-03-27 14:29:00
cve
cve
CVE-2019-5419
2019-03-27 14:29:01
redhatcve
redhatcve
CVE-2019-5419
2019-10-30 04:28:20
veracode
veracode
Denial Of Service (DoS)
2019-03-14 03:23:36
nvd
nvd
CVE-2019-5419
2019-03-27 14:29:01
gitlab
gitlab
Allocation of Resources Without Limits or Throttling
2019-03-27 00:00:00
osv
osv
CVE-2019-5419
2019-03-27 14:29:01
Denial of Service Vulnerability in Action View
2019-03-13 17:25:55
rails - security update
2019-03-30 00:00:00
rubygems
rubygems
Denial of Service Vulnerability in Action View
2019-03-12 21:00:00
suse
suse
Security update for rmt-server (important)
2019-08-01 00:00:00
Security update for rubygem-actionpack-5_1 (moderate)
2019-05-08 00:00:00
Security update for rmt-server (important)
2019-06-07 00:00:00
debian
debian
[SECURITY] [DLA 1739-1] rails security update
2019-03-31 13:51:06
nessus
nessus
openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2019-1344)
2019-05-09 00:00:00
Debian DLA-1739-1 : rails security update
2019-04-01 00:00:00
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:1381-1)
2019-05-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1381-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for rmt-server (openSUSE-SU-2019:1824-1)
2020-01-09 00:00:00
openSUSE: Security Advisory for rmt-server (openSUSE-SU-2019:1527-1)
2019-06-08 00:00:00
redhat
redhat
(RHSA-2019:1147) Important: rh-ror50-rubygem-actionpack security update
2019-05-13 08:36:21
(RHSA-2019:1149) Important: rh-ror42-rubygem-actionpack security update
2019-05-13 08:53:04
githubexploit
githubexploit
Exploit for Vulnerability in Rubyonrails Rails
2019-03-16 11:58:18
Exploit for Vulnerability in Rubyonrails Rails
2019-03-23 02:52:31
freebsd
freebsd
Rails -- Action View vulnerabilities
2019-03-13 00:00:00
github
github
Denial of Service Vulnerability in Action View
2019-03-13 17:25:55
fedora
fedora
[SECURITY] Fedora 30 Update: rubygem-actionpack-5.2.3-2.fc30
2019-05-10 00:48:41
[SECURITY] Fedora 30 Update: rubygem-activesupport-5.2.3-1.fc30
2019-05-10 00:48:41
[SECURITY] Fedora 30 Update: rubygem-railties-5.2.3-1.fc30
2019-05-10 00:48:41
0.003 Low
EPSS
Percentile
71.4%
Related for 003F6D8197E2C8C6D47E271106C46B1D63AB86F5735228872D31B0E25E5BDB4B