CVE-2011-0449 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-0449 Interim 1 10 2022-10-15T18:02:15Z current 2021-05-30T12:55:54Z 2022-10-15T18:02:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-0449 actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2012-March/000065.html E-Mail link for SUSE-SU-2012:0434-1 https://lists.opensuse.org/opensuse-updates/2011-12/msg00004.html E-Mail link for openSUSE-SU-2011:1305-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Studio Onsite Runner 1.2 rubygem-actionmailer-2_3-2.3.14-0.7.4.3 rubygem-actionpack-2_3-2.3.14-0.7.4.3 rubygem-activerecord-2_3-2.3.14-0.7.4.3 rubygem-activeresource-2_3-2.3.14-0.7.4.3 rubygem-activesupport-2_3-2.3.14-0.7.4.3 rubygem-rack-1.1.2-0.8.8.3 rubygem-rails-2_3-2.3.14-0.7.4.3 rubygem-actionmailer-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-actionpack-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-activerecord-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-activeresource-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-activesupport-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-rack-1.1.2-0.8.8.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-rails-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. CVE-2011-0449 SUSE Studio Onsite Runner 1.2:rubygem-actionmailer-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-actionpack-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-activerecord-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-activeresource-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-activesupport-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-rack-1.1.2-0.8.8.3 SUSE Studio Onsite Runner 1.2:rubygem-rails-2_3-2.3.14-0.7.4.3 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P