
OSV • added 2024/09/22 1:15 a.m.

DEBIAN-CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

AI score 6.5 • EPSS 0.00224 • Exploits 0 • References 1
OSV • added 2024/09/22 1:15 a.m.

UBUNTU-CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

AI score 6.8 • EPSS 0.00224 • Exploits 0 • References 5
Debian CVE • added 2024/09/22 12:00 a.m.

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

AI score 6.5 • EPSS 0.00224 • Exploits 0
RubySec • added 2024/09/22 12:00 a.m.

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webri...

AI score 6.7 • EPSS 0.00224 • Exploits 0 • References 1 • Affected Software 1
Cvelist • added 2024/09/22 12:00 a.m.

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

EPSS 0.00224 • Exploits 0 • References 4
Vulnrichment • added 2024/09/22 12:00 a.m.

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

AI score 6.9 • EPSS 0.00224 • Exploits 0 • References 4
CVE • added 2024/09/22 12:00 a.m.

CVE-2024-47220

The CVE-2024-47220 issue affects the WEBrick toolkit in Ruby (through 1.8.1). It enables HTTP request smuggling by sending both Content-Length and Transfer-Encoding in the same request, e.g., a crafted GET line embedded in a POST request. The advisory notes WEBrick should not be used in productio...

AI score 7.2 • EPSS 0.00224 • Exploits 0 • References 4
OSV • added 2024/09/21 7:19 a.m.

BIT-GITLAB-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...

CVSS 10 • AI score 9.3 • EPSS 0.44644 • Exploits 2 • References 9
Debian • added 2024/09/20 6:48 p.m.

[SECURITY] [DSA 5774-1] ruby-saml security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5774-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2024 https://www.debian.org/security/faq -...

CVSS 10 • AI score 6.7 • EPSS 0.44644 • Exploits 2
OSV • added 2024/09/20 12:00 a.m.

DSA-5774-1 ruby-saml - security update

Bulletin has no description...

CVSS 10 • AI score 9.4 • EPSS 0.44644 • Exploits 2
OSV • added 2024/09/20 12:00 a.m.

UBUNTU-CVE-2024-45614

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header, X-Forwarded_For. Any users relying on proxy-set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 • AI score 7.1 • EPSS 0.00803 • Exploits 0 • References 6
Tenable Nessus • added 2024/09/20 12:00 a.m.

Debian dsa-5774 : ruby-saml - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5774 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5774-1 [email protected] https://www.debian.org/security/...

CVSS 10 • AI score 8.6 • EPSS 0.44644 • Exploits 2 • References 4
Tenable Nessus • added 2024/09/20 12:00 a.m.

Fedora 39 : ruby (2024-2fb325d068)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2fb325d068 advisory. Upgrade to Ruby 3.2.5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 5.3 • AI score 7.1 • EPSS 0.08428 • Exploits 1 • References 3
OpenVAS • added 2024/09/20 12:00 a.m.

Fedora: Security Advisory (FEDORA-2024-2fb325d068)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 • AI score 7.1 • EPSS 0.08428 • Exploits 1 • References 6
Tenable Nessus • added 2024/09/20 12:00 a.m.

AlmaLinux 8 : ruby:3.3 (ALSA-2024:6784)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6784 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace characte...

CVSS 7.5 • AI score 7.1 • EPSS 0.08335 • Exploits 0 • References 5
SUSE CVE • added 2024/09/19 11:19 p.m.

SUSE CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...

CVSS 10 • AI score 7 • EPSS 0.44644 • Exploits 2 • References 3
Chainguard • added 2024/09/19 11:15 p.m.

CVE-2024-45614 vulnerabilities

Vulnerabilities for packages: gitlab-cng, ruby3.2-puma...

CVSS 5.4 • AI score 5.8 • EPSS 0.00803 • Exploits 0
NVD • added 2024/09/19 11:15 p.m.

CVE-2024-45614

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header, X-Forwarded_For. Any users relying on proxy-set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 • EPSS 0.00803 • Exploits 0 • References 3
CVE • added 2024/09/19 10:42 p.m.

CVE-2024-45614

Puma (Ruby/Rack) is affected by CVE-2024-45614 due to improper header normalization that lets clients clobber proxy headers via an underscore variant (X-Forwarded_For). Affected versions do not discard the underscore header when the non-underscore header exists; fixed in v6.4.3 and v5.6.9 which n...

CVSS 5.4 • AI score 5.6 • EPSS 0.00803 • Exploits 0 • References 3 • Affected Software 1
Vulnrichment • added 2024/09/19 10:42 p.m.

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header, X-Forwarded_For. Any users relying on proxy-set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 • AI score 6.9 • EPSS 0.00803 • Exploits 0 • References 2