Lucene search
K

6 matches found

Veracode
Veracode
added 2019/01/15 9:0 a.m.40 views

Arbitrary File Access Using A Symlink Attack

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka 'symlink path...

4.3CVSS6AI score0.02952EPSS
Exploits0References15Affected Software4
UbuntuCve
UbuntuCve
added 2013/03/01 5:40 a.m.26 views

CVE-2013-0183

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service memory consumption and out-of-memory error via a long string in a Multipart HTTP packet...

5CVSS5.9AI score0.03778EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2013/02/27 12:0 a.m.5 views

PT-2013-1897 · Rack +1 · Rack +1

Name of the Vulnerable Software and Affected Versions: Rack versions 1.1.3 and earlier Rack versions 1.2.x through 1.2.5 Rack versions 1.3.x through 1.3.6 Rack versions 1.4.x through 1.4.1 Description: The issue is caused by an incorrect regular expression in lib/rack/multipart.rb, which allows...

5CVSS6.1AI score0.03778EPSS
Exploits0References35
Debian CVE
Debian CVE
added 2013/02/08 8:0 p.m.38 views

CVE-2013-0262

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3CVSS6.4AI score0.02952EPSS
Exploits0
RubySec
RubySec
added 2013/02/07 12:0 a.m.36 views

CVE-2013-0262 rubygem-rack: Path sanitization information disclosure

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3CVSS6.3AI score0.02952EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/01/13 12:0 a.m.28 views

CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS

Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...

4.3CVSS6AI score0.02418EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder