15 matches found
CVE-2025-32441 vulnerabilities
Vulnerabilities for packages: ruby3.3-rack, ruby3.4-rack, ruby3.2-rack, ruby4.0-rack...
Fedora: Security Advisory (FEDORA-2025-eae2126736)
The remote host is missing an update for the...
Debian dla-4357 : ruby-rack - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4357 advisory. Debian LTS Advisory DLA-4357-1...
openSUSE Security Advisory (SUSE-SU-2025:02564-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:02564-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2025:02564-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02564-1 advisory. - Update to version 2.23 - CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack::QueryParser. bsc1242893 -...
SUSE: Security Advisory (SUSE-SU-2025:02429-1)
The remote host is missing an update for the...
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2025:02429-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02429-1 advisory. - Update to version 2.23 - CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack::QueryParser. bsc1242893 - CVE-2025-32441: Fixed a...
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2025:02329-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02329-1 advisory. - Update to version 2.23 - CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack::QueryParser. bsc1242893 - CVE-2025-32441: Fixed a...
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2025:02330-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02330-1 advisory. - Update to version 2.23 - CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack::QueryParser. bsc1242893 - CVE-2025-32441: Fixed a...
openSUSE Security Advisory (SUSE-SU-2025:01586-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-7507-1)
The remote host is missing an update for the...
CVE-2025-32441
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...
CVE-2025-32441 Rack session gets restored after deletion
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...
CVE-2025-32441
CVE-2025-32441 affects the Rack Ruby web server interface. Before 2.2.14, when using the Rack::Session::Pool middleware, concurrent requests can cause a deleted session to be restored, enabling an unauthenticated user to reuse that session. The exploitation scenario requires an attacker to obtain...