U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2014-0130

Change History

Modified Analysis 11/17/2016 3:46:38 PM

Action Type Old Value New Value
Changed CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.0:beta1:*:*:*:*:*:*
          cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.0:-:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.0:-:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.0:beta:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.0:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.0:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:-:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:rc3:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:rc4:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.2:-:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.17:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.0:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.0:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.10:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.11:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.12:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.13:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.13:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc3:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.16:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.2:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.3:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.3:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.4:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.6:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.7:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.8:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.9:*:*:*:*:*:*:*
Configuration 1
     OR
          *cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.0:beta1:*:*:*:*:*:*
          cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.0:-:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.0:-:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.0:beta:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.0:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.0:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:-:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:rc3:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.1:rc4:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.2:-:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.17:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.0:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.0:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.10:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.11:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.12:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.13:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.13:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc3:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.16:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.2:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.3:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.3:rc2:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.4:rc1:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.6:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.7:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.8:*:*:*:*:*:*:*
          *cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.9:*:*:*:*:*:*:*
Changed Reference Type
http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf No Types Assigned
http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf Technical Description
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2014-1863.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2014-1863.html Third Party Advisory
Changed Reference Type
http://www.securityfocus.com/bid/67244 No Types Assigned
http://www.securityfocus.com/bid/67244 Third Party Advisory, VDB Entry
Changed Reference Type
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ No Types Assigned
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ Third Party Advisory