WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html

hackerone.com/reports/661722

lists.debian.org/debian-lts-announce/2019/11/msg00025.html

lists.debian.org/debian-lts-announce/2019/12/msg00009.html

lists.debian.org/debian-lts-announce/2020/08/msg00027.html

lists.debian.org/debian-lts-announce/2023/04/msg00033.html

seclists.org/bugtraq/2019/Dec/31

seclists.org/bugtraq/2019/Dec/32

security.gentoo.org/glsa/202003-06

www.debian.org/security/2019/dsa-4587

www.oracle.com/security-alerts/cpujan2020.html

cbl_mariner 1

nvd 1

debiancve 1

prion 1

ubuntucve 1

alpinelinux 1

osv 11

cve 1

redhatcve 1

veracode 1

openvas 20

nessus 42

debian 8

freebsd 1

cloudfoundry 1

ubuntu 1

gentoo 1

mageia 2

symantec 1

archlinux 2

amazon 2

suse 1

photon 6

rocky 2

almalinux 2

redhat 6

oraclelinux 2

ibm 1

oracle 1

cbl_mariner

CVE-2019-16201 affecting package ruby 2.6.3-3

2021-06-09 03:50:37

nvd

CVE-2019-16201

2019-11-26 18:15:15

debiancve

CVE-2019-16201

2019-11-26 18:15:15

prion

Code injection

2019-11-26 18:15:00

ubuntucve

CVE-2019-16201

2019-11-20 00:00:00

alpinelinux

CVE-2019-16201

2019-11-26 18:15:15

osv

CVE-2019-16201

2019-11-26 18:15:15

ruby2.3 - security update

2019-12-17 00:00:00

jruby - security update

2019-12-10 00:00:00

cve

CVE-2019-16201

2019-11-26 18:15:15

redhatcve

CVE-2019-16201

2020-03-21 08:11:44

veracode

Regular Expression Denial Of Service (ReDoS)

2019-10-18 06:36:36

openvas

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1615)

2020-06-03 00:00:00

Debian: Security Advisory (DSA-4587-1)

2019-12-18 00:00:00

Mageia: Security Advisory (MGASA-2019-0408)

2022-01-28 00:00:00

nessus

Photon OS 3.0: Ruby PHSA-2020-3.0-0047

2020-01-18 00:00:00

Photon OS 2.0: Ruby PHSA-2019-2.0-0196

2020-01-16 00:00:00

Photon OS 1.0: Ruby PHSA-2019-1.0-0263

2020-01-16 00:00:00

debian

[SECURITY] [DSA 4587-1] ruby2.3 security update

2019-12-17 09:56:14

[SECURITY] [DSA 4586-1] ruby2.5 security update

2019-12-17 09:37:05

[SECURITY] [DSA 4586-1] ruby2.5 security update

2019-12-17 09:37:05

freebsd

ruby -- multiple vulnerabilities

2019-10-01 00:00:00

cloudfoundry

USN-4201-1: Ruby vulnerabilities | Cloud Foundry

2019-12-05 00:00:00

ubuntu

Ruby vulnerabilities

2019-11-26 00:00:00

gentoo

Ruby: Multiple vulnerabilities

2020-03-13 00:00:00

mageia

Updated ruby packages fix security vulnerabilities

2019-12-25 22:08:41

Updated jruby packages fix security vulnerabilities

2020-11-27 23:14:57

symantec

Ruby Multiple Security Vulnerabilities

2019-10-01 00:00:00

archlinux

[ASA-201910-2] ruby: multiple issues

2019-10-02 00:00:00

[ASA-201910-5] ruby2.5: multiple issues

2019-10-02 00:00:00

amazon

Important: ruby

2024-02-29 10:03:00

Important: ruby24

2020-08-26 23:09:00

suse

2020-03-28 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0263

2019-12-27 00:00:00

Critical Photon OS Security Update - PHSA-2019-0263

2019-12-27 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0196

2019-12-20 00:00:00

rocky

ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

ruby:2.6 security, bug fix, and enhancement update

2021-06-29 13:58:40

almalinux

Moderate: ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

Moderate: ruby:2.6 security, bug fix, and enhancement update

2021-06-29 13:58:40

redhat

(RHSA-2021:2104) Moderate: rh-ruby25-ruby security, bug fix, and enhancement update

2021-05-25 12:17:56

(RHSA-2021:2587) Moderate: ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

(RHSA-2021:2230) Moderate: rh-ruby26-ruby security, bug fix, and enhancement update

2021-06-03 07:45:38

oraclelinux

ruby:2.5 security, bug fix, and enhancement update

2021-07-02 00:00:00

ruby:2.6 security, bug fix, and enhancement update

2021-07-07 00:00:00

ibm

Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

2021-10-13 14:44:47

oracle

Oracle Critical Patch Update Advisory - January 2020

2020-01-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.8 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for CVELIST:CVE-2019-16201