112 matches found
CVE-2015-3448
The vulnerability CVE-2015-3448 affects the REST Client for Ruby (rest-client) prior to 1.7.3, where usernames and passwords are logged, enabling local users to read sensitive information from logs. Affected component is the rest-client Ruby library; root cause is credentials being written to log...
CVE-2015-3448
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
rest-client ruby gem logs sensitive information
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
openSUSE Security Update : rubygem-rest-client (openSUSE-2015-307)
rubygem-rest-client was updated to fix one security issue. The following vulnerability was fixed : - Application logging of password information in plaintext could have allowed a local attacker to gain access to this information bnc917802 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
rest-client -- session fixation vulnerability
Andy Brody reports: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration...
CVE-2015-1820 rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses
REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...
rest-client -- plaintext password disclosure
The open sourced vulnerability database reports: REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information...
Design/Logic Flaw
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...
CVE-2014-0036
CVE-2014-0036 affects the rbovirt gem for Ruby, where versions before 0.0.24 use the rest-client library with SSL verification disabled, enabling remote attackers to perform MITM attacks via unspecified vectors. The vulnerability has a CVSS v2 base score of 6.8 (Network, Medium risk). Reported ac...
CVE-2014-0036
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...
Fedora 19 : rubygem-rbovirt-0.0.18-4.fc19 (2014-3573)
Fix unsafe use of rest-client CVE-2014-0036. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...