rails vulnerable to improper authentication

🗓️ 24 Oct 2017 18:33:38Reported by GitHub Advisory DatabaseType

github

github🔗 github.com👁 26 Views

rails improper authentication vulnerabilit

Reporter	Title	Published	Views	Family All 23
Tenable Nessus	Mac OS X < 10.6.3 Multiple Vulnerabilities	30 Mar 201000:00	–	nessus
Tenable Nessus	GLSA-200912-02 : Ruby on Rails: Multiple vulnerabilities	22 Dec 200900:00	–	nessus
Tenable Nessus	Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities	29 Mar 201000:00	–	nessus
Tenable Nessus	Mac OS X Multiple Vulnerabilities (Security Update 2010-002)	29 Mar 201000:00	–	nessus
Tenable Nessus	Ruby on Rails HTTP Digest Authentication Bypass	21 Jul 200900:00	–	nessus
CVE	CVE-2009-2422	10 Jul 200915:00	–	cve
Cvelist	CVE-2009-2422	10 Jul 200915:00	–	cvelist
Debian CVE	CVE-2009-2422	10 Jul 200915:00	–	debiancve
Gentoo Linux	Ruby on Rails: Multiple vulnerabilities	20 Dec 200900:00	–	gentoo
NVD	CVE-2009-2422	10 Jul 200915:30	–	nvd

Vulners

Node

rubyonrails railsRange<2.3.3rubygems

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2009-2422
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/51528
lists	www.lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
n8	www.n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s
support	www.support.apple.com/kb/HT4077
weblog	www.weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml
web	www.web.archive.org/web/20090711160153/http://secunia.com/advisories/35702
web	www.web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579
github	www.github.com/advisories/GHSA-rxq3-gm4p-5fj4

13 Feb 2024 19:37Current

5.2Medium risk

Vulners AI Score5.2

CVSS 27.5

CVSS 3.19.8

EPSS0.00403

rails authentication vulnerability ruby on rails http_authentication context-dependent attacker bypass