Lucene search
K

112 matches found

CVE
CVE
added 2015/04/29 8:0 p.m.104 views

CVE-2015-3448

The vulnerability CVE-2015-3448 affects the REST Client for Ruby (rest-client) prior to 1.7.3, where usernames and passwords are logged, enabling local users to read sensitive information from logs. Affected component is the rest-client Ruby library; root cause is credentials being written to log...

2.1CVSS8.4AI score0.00373EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2015/04/29 8:0 p.m.38 views

CVE-2015-3448

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS8.3AI score0.00373EPSS
Exploits0
RubySec
RubySec
added 2015/04/29 12:0 a.m.36 views

rest-client ruby gem logs sensitive information

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS2.5AI score0.00373EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/04/17 12:0 a.m.21 views

openSUSE Security Update : rubygem-rest-client (openSUSE-2015-307)

rubygem-rest-client was updated to fix one security issue. The following vulnerability was fixed : - Application logging of password information in plaintext could have allowed a local attacker to gain access to this information bnc917802 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

5.5AI score
Exploits0References1
FreeBSD
FreeBSD
added 2015/03/24 12:0 a.m.32 views

rest-client -- session fixation vulnerability

Andy Brody reports: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration...

9.8CVSS9.1AI score0.04345EPSS
Exploits0References1
RubySec
RubySec
added 2015/03/24 12:0 a.m.39 views

CVE-2015-1820 rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS8.6AI score0.04345EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2015/01/12 12:0 a.m.39 views

rest-client -- plaintext password disclosure

The open sourced vulnerability database reports: REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information...

2.1CVSS9.2AI score0.00373EPSS
Exploits0References2
Prion
Prion
added 2014/04/17 2:55 p.m.13 views

Design/Logic Flaw

The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...

6.8CVSS7AI score0.01968EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/04/17 2:0 p.m.70 views

CVE-2014-0036

CVE-2014-0036 affects the rbovirt gem for Ruby, where versions before 0.0.24 use the rest-client library with SSL verification disabled, enabling remote attackers to perform MITM attacks via unspecified vectors. The vulnerability has a CVSS v2 base score of 6.8 (Network, Medium risk). Reported ac...

6.8CVSS6.5AI score0.01968EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/04/17 2:0 p.m.27 views

CVE-2014-0036

The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...

6.4AI score0.01968EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/03/17 12:0 a.m.23 views

Fedora 19 : rubygem-rbovirt-0.0.18-4.fc19 (2014-3573)

Fix unsafe use of rest-client CVE-2014-0036. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

6.8CVSS5.4AI score0.01968EPSS
Exploits0References3
RubySec
RubySec
added 2014/03/05 12:0 a.m.17 views

CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client

The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...

6.8CVSS6.4AI score0.01968EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder