111 matches found
CVE-2015-1820
The CVE-2015-1820 vulnerability affects the RubyGem rest-client (REST client for Ruby) up to version 1.8.0, where Set-Cookie headers in HTTP 30x redirects can be reused by an attacker to hijack a user session or access cookies. The connected documents corroborate this issue across multiple source...
CVE-2015-1820
REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...
Fedora 23 : rubygem-rest-client (2015-8dce7405bf)
Update to rest-client 1.8.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Whitewidow - SQL Vulnerability Scanner
Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, and a...
Automated SQL Vulnerability Scanner: Whitewidow
Open Source Automated SQL Vulnerability Scanner Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server...
rubygem-rest-client: unsanitized application logging
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses
REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...
FreeBSD : rest-client -- session fixation vulnerability (83a7a720-07d8-11e5-9a28-001e67150279)
Andy Brody reports : When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
FreeBSD : rest-client -- plaintext password disclosure (ffe2d86c-07d9-11e5-9a28-001e67150279)
The open sourced vulnerability database reports : REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
MGASA-2015-0227 Updated ruby-rest-client packages fix security vulnerabilities
Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...
Updated ruby-rest-client packages fix security vulnerabilities
Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...
Ruby REST Client Information Disclosure Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto.REST Client aka rest-client is one of the simple HTTP and REST client. A security vulnerability exists in Ruby REST Client versions prior to 1.7.3. Since t...
CVE-2015-3448
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
CVE-2015-3448
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
DEBIAN-CVE-2015-3448
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
UBUNTU-CVE-2015-3448
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
CVE-2015-3448
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
Cross site request forgery (csrf)
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
CVE-2015-3448
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
CVE-2015-3448
The vulnerability CVE-2015-3448 affects the REST Client for Ruby (rest-client) prior to 1.7.3, where usernames and passwords are logged, enabling local users to read sensitive information from logs. Affected component is the rest-client Ruby library; root cause is credentials being written to log...