|Title||Start Date & Time||End Date & Time|
|Service Restored: Youtube Age-Restricted Content Inaccessible From CU Network||Saturday, September 15, 2018 - 2:28pm|
|Service Maintenance Completed: Wired Network in Multiple Buildings||Thursday, September 20, 2018 - 6:30am||Thursday, September 20, 2018 - 7:30am|
|Service Maintenance Completed: Wi-Fi Services Across Campus||Thursday, September 20, 2018 - 9:00am||Thursday, September 20, 2018 - 10:00am|
|Service Maintenance Scheduled: Turnitin||Saturday, September 22, 2018 - 9:00am||Saturday, September 22, 2018 - 5:30pm|
|Service Maintenance Scheduled: Campus Solutions & Portals||Sunday, September 23, 2018 - 6:00am||Sunday, September 23, 2018 - 2:00pm|
|Service Maintenance Scheduled: F5 Content Switch||Thursday, September 27, 2018 - 6:30pm||Thursday, September 27, 2018 - 7:30pm|
|Service Maintenance Scheduled: Wi-Fi in Bear Creek Apartments||Tuesday, October 2, 2018 - 6:00am||Tuesday, October 2, 2018 - 7:30am|
Ruby on Rails is reporting vulnerabilities in the Ruby on Rails Action Pack framework that if exploited can allow authentication bypass, SQL injection, arbitrary code execution, or denial of service.
**The IT Security Office will be performing non-invasive network based security scans of internet facing systems to identify systems at risk of compromise.**
The IT Security Office strongly advises updating or applying workarounds.
Fixed Versions: 3.2.11, 3.1.10, 3.0.19, 2.3.15
Security bulletin names:
Vulnerability Note VU#380039
Ruby on Rails Action Pack framework insecurely typecasts YAML and Symbol XML parameters
Released: January 8, 2013
Additional information about this vulnerability can be viewed at:
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or email@example.com. Email and phone help is available Mondays through Thursdays, 7:00 a.m. to 10:00 p.m.; Fridays 7:00 a.m. to 7:00 p.m.; and Saturdays and Sundays, noon to 6:00 p.m.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.