Detections
Analytics
RHEL 7 : CloudForms 4.7.3 (RHSA-2019:0796)
high Nessus Plugin ID 127087
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0796 advisory.Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security Fix(es):
* rubygem-actionpack: render file directory traversal in Action View (CVE-2019-5418)
* rubygem-actionpack: denial of service vulnerability in Action View (CVE-2019-5419)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?12019b9c
http://www.nessus.org/u?5668a5e0
https://bugzilla.redhat.com/show_bug.cgi?id=1686902
https://bugzilla.redhat.com/show_bug.cgi?id=1688937
https://bugzilla.redhat.com/show_bug.cgi?id=1689160
https://bugzilla.redhat.com/show_bug.cgi?id=1693714
https://bugzilla.redhat.com/show_bug.cgi?id=1693718
https://bugzilla.redhat.com/show_bug.cgi?id=1693719
https://bugzilla.redhat.com/show_bug.cgi?id=1693720
https://bugzilla.redhat.com/show_bug.cgi?id=1693721
https://bugzilla.redhat.com/show_bug.cgi?id=1693722
https://bugzilla.redhat.com/show_bug.cgi?id=1693727
https://bugzilla.redhat.com/show_bug.cgi?id=1693728
https://bugzilla.redhat.com/show_bug.cgi?id=1693748
https://bugzilla.redhat.com/show_bug.cgi?id=1693749
https://bugzilla.redhat.com/show_bug.cgi?id=1693757
https://bugzilla.redhat.com/show_bug.cgi?id=1693817
https://bugzilla.redhat.com/show_bug.cgi?id=1694190
https://bugzilla.redhat.com/show_bug.cgi?id=1694798
https://bugzilla.redhat.com/show_bug.cgi?id=1695626
https://bugzilla.redhat.com/show_bug.cgi?id=1695627
https://bugzilla.redhat.com/show_bug.cgi?id=1696841
https://bugzilla.redhat.com/show_bug.cgi?id=1698586
https://access.redhat.com/errata/RHSA-2019:0796
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1678385
https://bugzilla.redhat.com/show_bug.cgi?id=1680959
https://bugzilla.redhat.com/show_bug.cgi?id=1686045
https://bugzilla.redhat.com/show_bug.cgi?id=1689159
https://bugzilla.redhat.com/show_bug.cgi?id=1693729
https://bugzilla.redhat.com/show_bug.cgi?id=1693730
https://bugzilla.redhat.com/show_bug.cgi?id=1693731
https://bugzilla.redhat.com/show_bug.cgi?id=1693740
https://bugzilla.redhat.com/show_bug.cgi?id=1693741
https://bugzilla.redhat.com/show_bug.cgi?id=1693743
https://bugzilla.redhat.com/show_bug.cgi?id=1693745
https://bugzilla.redhat.com/show_bug.cgi?id=1693746
https://bugzilla.redhat.com/show_bug.cgi?id=1693747
https://bugzilla.redhat.com/show_bug.cgi?id=1695628
https://bugzilla.redhat.com/show_bug.cgi?id=1695629
https://bugzilla.redhat.com/show_bug.cgi?id=1695631
https://bugzilla.redhat.com/show_bug.cgi?id=1695897
https://bugzilla.redhat.com/show_bug.cgi?id=1696362
https://bugzilla.redhat.com/show_bug.cgi?id=1696419
https://bugzilla.redhat.com/show_bug.cgi?id=1696421
Plugin Details
Severity: High
ID: 127087
File Name: redhat-RHSA-2019-0796.nasl
Version: 1.10
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 7/26/2019
Updated: 6/3/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2019-5418
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:cfme, p-cpe:/a:redhat:enterprise_linux:ansible-tower-server, p-cpe:/a:redhat:enterprise_linux:cfme-amazon-smartstate, p-cpe:/a:redhat:enterprise_linux:ansible-tower-venv-ansible, p-cpe:/a:redhat:enterprise_linux:cfme-appliance-common, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:cfme-appliance, p-cpe:/a:redhat:enterprise_linux:cfme-gemset, p-cpe:/a:redhat:enterprise_linux:ansible-tower, p-cpe:/a:redhat:enterprise_linux:ansible-tower-setup, p-cpe:/a:redhat:enterprise_linux:ansible-tower-ui, p-cpe:/a:redhat:enterprise_linux:ansible-tower-venv-tower, p-cpe:/a:redhat:enterprise_linux:cfme-appliance-tools
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/23/2019
Vulnerability Publication Date: 3/27/2019
Exploitable With
CANVAS (CANVAS)
Elliot (Rails File Disclosure)