RHEL 7 : Satellite 6.9 Release (Moderate) (RHSA-2021:1313)

high Nessus Plugin ID 148903

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1313 advisory.

- rubygem-rest-client: session fixation vulnerability via Set-Cookie headers present in HTTP 30x redirection responses (CVE-2015-1820)

- rubygem-rest-client: unsanitized application logging (CVE-2015-3448)

- foreman: Managing repositories with their id via hammer does not respect the role filters (CVE-2017-2662)

- rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)

- rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)

- python-psutil: Double free because of refcount mishandling (CVE-2019-18874)

- netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)

- foreman: world-readable OMAPI secret through the ISC DHCP server (CVE-2020-14335)

- rubygem-actionview: Cross-site scripting in translation helpers (CVE-2020-15169)

- resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (CVE-2020-25633)

- rubygem-activestorage: circumvention of file size limits in ActiveStorage (CVE-2020-8162)

- rubygem-actionpack: possible strong parameters bypass (CVE-2020-8164)

- rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore (CVE-2020-8165)

- rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token (CVE-2020-8166)

- rubygem-actionview: CSRF vulnerability in rails-ujs (CVE-2020-8167)

- rubygem-rails: untrusted users able to run pending migrations in production (CVE-2020-8185)

- django: potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle (CVE-2020-9402)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/1772014

https://bugzilla.redhat.com/1789100

https://bugzilla.redhat.com/1810088

https://bugzilla.redhat.com/1816216

https://bugzilla.redhat.com/1842634

https://bugzilla.redhat.com/1843005

https://bugzilla.redhat.com/1843072

https://bugzilla.redhat.com/1843084

https://bugzilla.redhat.com/1843152

https://bugzilla.redhat.com/1852380

https://bugzilla.redhat.com/1858302

https://bugzilla.redhat.com/1877566

https://bugzilla.redhat.com/1879042

https://access.redhat.com/security/cve/CVE-2015-1820

https://access.redhat.com/security/cve/CVE-2015-3448

https://access.redhat.com/security/cve/CVE-2017-2662

https://access.redhat.com/security/cve/CVE-2018-1000119

https://access.redhat.com/security/cve/CVE-2019-16782

https://access.redhat.com/security/cve/CVE-2019-18874

https://access.redhat.com/security/cve/CVE-2020-8162

https://access.redhat.com/security/cve/CVE-2020-8164

https://access.redhat.com/security/cve/CVE-2020-8165

https://access.redhat.com/security/cve/CVE-2020-8166

https://access.redhat.com/security/cve/CVE-2020-8167

https://access.redhat.com/security/cve/CVE-2020-8185

https://access.redhat.com/security/cve/CVE-2020-9402

https://access.redhat.com/security/cve/CVE-2020-11612

https://access.redhat.com/security/cve/CVE-2020-14335

https://access.redhat.com/security/cve/CVE-2020-15169

https://access.redhat.com/security/cve/CVE-2020-25633

https://access.redhat.com/errata/RHSA-2021:1313

https://bugzilla.redhat.com/1205291

https://bugzilla.redhat.com/1240982

https://bugzilla.redhat.com/1434106

https://bugzilla.redhat.com/1534027

Plugin Details

Severity: High

ID: 148903

File Name: redhat-RHSA-2021-1313.nasl

Version: 1.8

Type: local

Agent: unix

Published: 4/21/2021

Updated: 1/23/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2020-9402

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:ansible-collection-redhat-satellite, p-cpe:/a:redhat:enterprise_linux:ansible-runner, p-cpe:/a:redhat:enterprise_linux:ansiblerole-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:ansiblerole-insights-client, p-cpe:/a:redhat:enterprise_linux:ansiblerole-satellite-receptor-installer, p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:candlepin-selinux, p-cpe:/a:redhat:enterprise_linux:crane-selinux, p-cpe:/a:redhat:enterprise_linux:createrepo_c, p-cpe:/a:redhat:enterprise_linux:createrepo_c-libs, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat-tftpboot, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image-service, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image-service-tui, p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:foreman-gce, p-cpe:/a:redhat:enterprise_linux:foreman-installer, p-cpe:/a:redhat:enterprise_linux:foreman-installer-katello, p-cpe:/a:redhat:enterprise_linux:foreman-journald, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:foreman-proxy, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-content, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-journald, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-selinux, p-cpe:/a:redhat:enterprise_linux:foreman-selinux, p-cpe:/a:redhat:enterprise_linux:foreman-service, p-cpe:/a:redhat:enterprise_linux:foreman-telemetry, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, 
p-cpe:/a:redhat:enterprise_linux:hfsplus-tools, p-cpe:/a:redhat:enterprise_linux:katello, p-cpe:/a:redhat:enterprise_linux:katello-certs-tools, p-cpe:/a:redhat:enterprise_linux:katello-client-bootstrap, p-cpe:/a:redhat:enterprise_linux:katello-common, p-cpe:/a:redhat:enterprise_linux:katello-debug, p-cpe:/a:redhat:enterprise_linux:katello-selinux, p-cpe:/a:redhat:enterprise_linux:keycloak-httpd-client-install, p-cpe:/a:redhat:enterprise_linux:kobo, p-cpe:/a:redhat:enterprise_linux:libcomps, p-cpe:/a:redhat:enterprise_linux:libmodulemd, p-cpe:/a:redhat:enterprise_linux:libmodulemd2, p-cpe:/a:redhat:enterprise_linux:libsolv, p-cpe:/a:redhat:enterprise_linux:libwebsockets, p-cpe:/a:redhat:enterprise_linux:livecd-tools, p-cpe:/a:redhat:enterprise_linux:mod_passenger, p-cpe:/a:redhat:enterprise_linux:mod_xsendfile, p-cpe:/a:redhat:enterprise_linux:ostree, p-cpe:/a:redhat:enterprise_linux:pcp-mmvstatsd, p-cpe:/a:redhat:enterprise_linux:pulp-admin-client, p-cpe:/a:redhat:enterprise_linux:pulp-docker-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-katello, p-cpe:/a:redhat:enterprise_linux:pulp-maintenance, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-child, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-common, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-parent, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-selinux, p-cpe:/a:redhat:enterprise_linux:pulp-server, p-cpe:/a:redhat:enterprise_linux:pulpcore-selinux, p-cpe:/a:redhat:enterprise_linux:puppet-agent, p-cpe:/a:redhat:enterprise_linux:puppet-agent-oauth, 
p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:puppetlabs-stdlib, p-cpe:/a:redhat:enterprise_linux:puppetserver, p-cpe:/a:redhat:enterprise_linux:pycairo, p-cpe:/a:redhat:enterprise_linux:python-blinker, p-cpe:/a:redhat:enterprise_linux:python-bson, p-cpe:/a:redhat:enterprise_linux:python-gnupg, p-cpe:/a:redhat:enterprise_linux:python-gofer, p-cpe:/a:redhat:enterprise_linux:python-gofer-qpid, p-cpe:/a:redhat:enterprise_linux:python-imgcreate, p-cpe:/a:redhat:enterprise_linux:python-kid, p-cpe:/a:redhat:enterprise_linux:python-mongoengine, p-cpe:/a:redhat:enterprise_linux:python-nectar, p-cpe:/a:redhat:enterprise_linux:python-oauth2, p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings, p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-integrity, p-cpe:/a:redhat:enterprise_linux:python-pulp-oid_validation, p-cpe:/a:redhat:enterprise_linux:python-pulp-ostree-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-repoauth, p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-streamer, p-cpe:/a:redhat:enterprise_linux:python-pymongo, p-cpe:/a:redhat:enterprise_linux:python-pymongo-gridfs, p-cpe:/a:redhat:enterprise_linux:python-qpid, p-cpe:/a:redhat:enterprise_linux:python-qpid-proton, p-cpe:/a:redhat:enterprise_linux:python-qpid-qmf, p-cpe:/a:redhat:enterprise_linux:python-saslwrapper, p-cpe:/a:redhat:enterprise_linux:python-semantic_version, p-cpe:/a:redhat:enterprise_linux:python-simplejson, p-cpe:/a:redhat:enterprise_linux:python-zope-interface, p-cpe:/a:redhat:enterprise_linux:python2-amqp, p-cpe:/a:redhat:enterprise_linux:python2-ansible-runner, p-cpe:/a:redhat:enterprise_linux:python2-anyjson, 
p-cpe:/a:redhat:enterprise_linux:python2-billiard, p-cpe:/a:redhat:enterprise_linux:python2-celery, p-cpe:/a:redhat:enterprise_linux:python2-click, p-cpe:/a:redhat:enterprise_linux:python2-crane, p-cpe:/a:redhat:enterprise_linux:python2-daemon, p-cpe:/a:redhat:enterprise_linux:python2-django, p-cpe:/a:redhat:enterprise_linux:python2-flask, p-cpe:/a:redhat:enterprise_linux:python2-future, p-cpe:/a:redhat:enterprise_linux:python2-gobject, p-cpe:/a:redhat:enterprise_linux:python2-gobject-base, p-cpe:/a:redhat:enterprise_linux:python2-isodate, p-cpe:/a:redhat:enterprise_linux:python2-itsdangerous, p-cpe:/a:redhat:enterprise_linux:python2-jinja2, p-cpe:/a:redhat:enterprise_linux:python2-jmespath, p-cpe:/a:redhat:enterprise_linux:python2-keycloak-httpd-client-install, p-cpe:/a:redhat:enterprise_linux:python2-kombu, p-cpe:/a:redhat:enterprise_linux:python2-lockfile, p-cpe:/a:redhat:enterprise_linux:python2-markupsafe, p-cpe:/a:redhat:enterprise_linux:python2-okaara, p-cpe:/a:redhat:enterprise_linux:python2-pexpect, p-cpe:/a:redhat:enterprise_linux:python2-psutil, p-cpe:/a:redhat:enterprise_linux:python2-ptyprocess, p-cpe:/a:redhat:enterprise_linux:python2-pycurl, p-cpe:/a:redhat:enterprise_linux:python2-solv, p-cpe:/a:redhat:enterprise_linux:python2-twisted, p-cpe:/a:redhat:enterprise_linux:python2-vine, p-cpe:/a:redhat:enterprise_linux:python2-werkzeug, p-cpe:/a:redhat:enterprise_linux:python3-aiodns, p-cpe:/a:redhat:enterprise_linux:python3-aiofiles, p-cpe:/a:redhat:enterprise_linux:python3-aiohttp, p-cpe:/a:redhat:enterprise_linux:python3-async-timeout, p-cpe:/a:redhat:enterprise_linux:python3-attrs, p-cpe:/a:redhat:enterprise_linux:python3-backoff, p-cpe:/a:redhat:enterprise_linux:python3-cairo, p-cpe:/a:redhat:enterprise_linux:python3-certifi, p-cpe:/a:redhat:enterprise_linux:python3-cffi, p-cpe:/a:redhat:enterprise_linux:python3-chardet, p-cpe:/a:redhat:enterprise_linux:python3-click, p-cpe:/a:redhat:enterprise_linux:python3-createrepo_c, 
p-cpe:/a:redhat:enterprise_linux:python3-cryptography, p-cpe:/a:redhat:enterprise_linux:python3-dateutil, p-cpe:/a:redhat:enterprise_linux:python3-defusedxml, p-cpe:/a:redhat:enterprise_linux:python3-diff-match-patch, p-cpe:/a:redhat:enterprise_linux:python3-django, p-cpe:/a:redhat:enterprise_linux:python3-django-currentuser, p-cpe:/a:redhat:enterprise_linux:python3-django-filter, p-cpe:/a:redhat:enterprise_linux:python3-django-guardian, p-cpe:/a:redhat:enterprise_linux:python3-django-import-export, p-cpe:/a:redhat:enterprise_linux:python3-django-lifecycle, p-cpe:/a:redhat:enterprise_linux:python3-django-prometheus, p-cpe:/a:redhat:enterprise_linux:python3-django-readonly-field, p-cpe:/a:redhat:enterprise_linux:python3-djangorestframework, p-cpe:/a:redhat:enterprise_linux:python3-djangorestframework-queryfields, p-cpe:/a:redhat:enterprise_linux:python3-drf-access-policy, p-cpe:/a:redhat:enterprise_linux:python3-drf-nested-routers, p-cpe:/a:redhat:enterprise_linux:python3-drf-spectacular, p-cpe:/a:redhat:enterprise_linux:python3-dynaconf, p-cpe:/a:redhat:enterprise_linux:python3-ecdsa, p-cpe:/a:redhat:enterprise_linux:python3-et-xmlfile, p-cpe:/a:redhat:enterprise_linux:python3-future, p-cpe:/a:redhat:enterprise_linux:python3-gnupg, p-cpe:/a:redhat:enterprise_linux:python3-gobject, p-cpe:/a:redhat:enterprise_linux:python3-gobject-base, p-cpe:/a:redhat:enterprise_linux:python3-gunicorn, p-cpe:/a:redhat:enterprise_linux:python3-idna, p-cpe:/a:redhat:enterprise_linux:python3-idna-ssl, p-cpe:/a:redhat:enterprise_linux:python3-importlib-metadata, p-cpe:/a:redhat:enterprise_linux:python3-inflection, p-cpe:/a:redhat:enterprise_linux:python3-iniparse, p-cpe:/a:redhat:enterprise_linux:python3-jdcal, p-cpe:/a:redhat:enterprise_linux:python3-jinja2, p-cpe:/a:redhat:enterprise_linux:python3-jsonschema, p-cpe:/a:redhat:enterprise_linux:python3-libcomps, p-cpe:/a:redhat:enterprise_linux:python3-markuppy, p-cpe:/a:redhat:enterprise_linux:python3-markupsafe, 
p-cpe:/a:redhat:enterprise_linux:python3-mongoengine, p-cpe:/a:redhat:enterprise_linux:python3-multidict, p-cpe:/a:redhat:enterprise_linux:python3-odfpy, p-cpe:/a:redhat:enterprise_linux:python3-openpyxl, p-cpe:/a:redhat:enterprise_linux:python3-productmd, p-cpe:/a:redhat:enterprise_linux:python3-prometheus-client, p-cpe:/a:redhat:enterprise_linux:python3-psycopg2, p-cpe:/a:redhat:enterprise_linux:python3-pulp-2to3-migration, p-cpe:/a:redhat:enterprise_linux:python3-pulp-certguard, p-cpe:/a:redhat:enterprise_linux:python3-pulp-container, p-cpe:/a:redhat:enterprise_linux:python3-pulp-file, p-cpe:/a:redhat:enterprise_linux:python3-pulp-rpm, p-cpe:/a:redhat:enterprise_linux:python3-pulpcore, p-cpe:/a:redhat:enterprise_linux:python3-pyopenssl, p-cpe:/a:redhat:enterprise_linux:python3-pycares, p-cpe:/a:redhat:enterprise_linux:python3-pycparser, p-cpe:/a:redhat:enterprise_linux:python3-pycryptodomex, p-cpe:/a:redhat:enterprise_linux:python3-pygtrie, p-cpe:/a:redhat:enterprise_linux:python3-pyjwkest, p-cpe:/a:redhat:enterprise_linux:python3-pyjwt, p-cpe:/a:redhat:enterprise_linux:python3-pymongo, p-cpe:/a:redhat:enterprise_linux:python3-pyrsistent, p-cpe:/a:redhat:enterprise_linux:python3-pytz, p-cpe:/a:redhat:enterprise_linux:python3-pyyaml, p-cpe:/a:redhat:enterprise_linux:python3-receptor-satellite, p-cpe:/a:redhat:enterprise_linux:python3-redis, p-cpe:/a:redhat:enterprise_linux:python3-requests, p-cpe:/a:redhat:enterprise_linux:python3-rpm, p-cpe:/a:redhat:enterprise_linux:python3-rq, p-cpe:/a:redhat:enterprise_linux:python3-semantic-version, p-cpe:/a:redhat:enterprise_linux:python3-six, p-cpe:/a:redhat:enterprise_linux:python3-solv, p-cpe:/a:redhat:enterprise_linux:python3-sqlparse, p-cpe:/a:redhat:enterprise_linux:python3-subscription-manager-rhsm, p-cpe:/a:redhat:enterprise_linux:python3-tablib, p-cpe:/a:redhat:enterprise_linux:python3-typing, p-cpe:/a:redhat:enterprise_linux:python3-typing-extensions, p-cpe:/a:redhat:enterprise_linux:python3-uritemplate, 
p-cpe:/a:redhat:enterprise_linux:python3-url-normalize, p-cpe:/a:redhat:enterprise_linux:python3-urllib3, p-cpe:/a:redhat:enterprise_linux:python3-urlman, p-cpe:/a:redhat:enterprise_linux:python3-whitenoise, p-cpe:/a:redhat:enterprise_linux:python3-xlrd, p-cpe:/a:redhat:enterprise_linux:python3-xlwt, p-cpe:/a:redhat:enterprise_linux:python3-yarl, p-cpe:/a:redhat:enterprise_linux:python3-zipp, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client-devel, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server-linearstore, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-router, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-tools, p-cpe:/a:redhat:enterprise_linux:qpid-proton-c, p-cpe:/a:redhat:enterprise_linux:qpid-qmf, p-cpe:/a:redhat:enterprise_linux:qpid-tools, p-cpe:/a:redhat:enterprise_linux:receptor, p-cpe:/a:redhat:enterprise_linux:redhat-access-insights-puppet, p-cpe:/a:redhat:enterprise_linux:repoview, p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-evr, p-cpe:/a:redhat:enterprise_linux:rhel8-kickstart-setup, p-cpe:/a:redhat:enterprise_linux:rubygem-facter, p-cpe:/a:redhat:enterprise_linux:rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:rubygem-highline, p-cpe:/a:redhat:enterprise_linux:rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:rubygem-rack, p-cpe:/a:redhat:enterprise_linux:rubygem-rake, p-cpe:/a:redhat:enterprise_linux:saslwrapper, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:satellite-capsule, p-cpe:/a:redhat:enterprise_linux:satellite-cli, p-cpe:/a:redhat:enterprise_linux:satellite-common, p-cpe:/a:redhat:enterprise_linux:satellite-debug-tools, 
p-cpe:/a:redhat:enterprise_linux:satellite-installer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actioncable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailbox, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-googleauth, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql-batch, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gssapi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_azure_rm, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_kubevirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_leapp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_templates, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hashie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-highline, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-cookie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-form_data, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http_parser.rb, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-httpclient, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-i18n, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-infoblox, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ipaddress, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actiontext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionview, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activejob, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-import, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-session_store, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activestorage, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-addressable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-algebrick, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-amazing_print, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ancestry, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-anemone, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-angular-rails-templates, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ansi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-bindings, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-dsl, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-params, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-audited, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_compute, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_network, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_resources, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_storage, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_subscriptions, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bcrypt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-builder, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bundler_ext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-clamp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-script, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-script-source, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby-edge, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-connection_pool, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-crass, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-css_parser, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-daemons, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deacon, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative-option, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deep_cloneable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deface, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-diffy, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-domain_name, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-dynflow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-erubi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-excon, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-execjs, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-facter, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday-cookie_jar, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday_middleware, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ffi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-aws, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-google, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-json, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-kubevirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-libvirt, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-openstack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-ovirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-vsphere, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-xml, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks-core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_azure_rm, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_hooks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_kubevirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_leapp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution-cockpit, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_rh_cloud, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_templates, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-formatador, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-friendly_id, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fx, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-get_process_mem, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext_i18n_rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jgrep, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-logger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-native, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jwt, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo_parsers, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo_wizards, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kubeclient, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ldap_fluff, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbovirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbvmomi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-record_tag_helper, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-recursive-open-struct, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redfish_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access_lib, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redis, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-representable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-responders, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-retriable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rkerberos, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-robotex, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rsec, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby-libvirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby2ruby, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby_parser, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging-journald, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-loofah, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mail, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-marcel, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-memoist, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-method_source, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mime-types, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mime-types-data, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mimemagic, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mini_mime, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mini_portile2, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ms_rest, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ms_rest_azure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multipart-post, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mustermann, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ldap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ping, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-scp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh-krb, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-netrc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-newt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nio4r, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nokogiri, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-optimist, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-os, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt-engine-sdk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt_provision_plugin, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-parse-cron, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pg, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-polyglot, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-powerbar, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-prometheus-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-promise.rb, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-public_suffix, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_2to3_migration_client, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_ansible_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_certguard_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_container_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_deb_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_file_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_rpm_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulpcore_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma-plugin-systemd, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-quantile, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rabl, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-cors, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-jsonp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-protection, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-test, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-dom-testing, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-html-sanitizer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-i18n, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-railties, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rainbow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rb-inotify, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_pulp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_remote_execution_ssh, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sprockets, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rubyipmi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-runcible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-safemode, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-scoped_search, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sd_notify, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-secure_headers, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sequel, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-server_sent_events, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sexp_processor, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sidekiq, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-signet, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sinatra, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dhcp_infoblox, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dhcp_remote_isc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_discovery_image, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dns_infoblox, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sprockets-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sqlite3, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sshkey, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-statsd-instrument, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-stomp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-text, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-thor, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-thread_safe, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-tilt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-timeliness, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-tzinfo, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-uber, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-display_width, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-validates_lengths_from_database, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-webpack-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-websocket-driver, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-websocket-extensions, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-will_paginate, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-xmlrpc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-zeitwerk, p-cpe:/a:redhat:enterprise_linux:tfm-runtime, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-git, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gitlab-sidekiq-fetcher, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-globalid, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-api-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-cloud-env, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-little-plugger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-locale

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/21/2021

Vulnerability Publication Date: 3/23/2015

Reference Information

CVE: CVE-2017-2662, CVE-2019-18874, CVE-2020-11612, CVE-2020-14335, CVE-2020-25633, CVE-2020-9402

CWE: 119, 20, 200, 201, 209, 250, 352, 385, 400, 416, 532, 79, 862, 89

RHSA: 2021:1313