58 matches found

OSV · added 2021/05/05 7:49 p.m. · 33 views

GHSA-7WJX-3G7J-8584 Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: >= 4.0.0. Not affected: < 4.0.0. Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6. Impact: Impacted code uses authenticate_or_request_with_http_token or authenticate_with_http_token for reques...

CVSS 7.5 · AI score 7.5 · EPSS 0.04808
Exploits: 1 · References: 11
Github Security Blog · added 2021/05/05 7:49 p.m. · 82 views

Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: >= 4.0.0. Not affected: < 4.0.0. Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6. Impact: Impacted code uses authenticate_or_request_with_http_token or authenticate_with_http_token for reques...

CVSS 7.5 · AI score 7.6 · EPSS 0.04808
Exploits: 1 · References: 11 · Affected Software: 1
Snyk · added 2021/05/05 7:49 p.m. · 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). There is a possible denial of service vulnerability in the Token Authentication logic in Action Controller. Impacted code uses authenticate_or_request_with_http_token or authenticate_with_http_token for request...

CVSS 7.5 · AI score 7 · EPSS 0.04808
Exploits: 1 · References: 2
RubySec · added 2021/05/05 12:00 a.m. · 26 views

Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2021-22904. Versions Affected: >= 4.0.0. Not affected: < 4.0.0. Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6. Impact: Impacted code uses...

CVSS 7.5 · AI score 4.4 · EPSS 0.04808
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies · added 2021/05/01 12:00 a.m. · 10 views

PT-2021-4539 · Ruby On Rails +3 · Action Pack +3

Name of the Vulnerable Software and Affected Versions: actionpack versions 4.0.0 through 6.1.3.1, 6.0.3.6, 5.2.4.5, 5.2.5; actionpack versions 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 are not affected. Description: The issue is related to a denial of service vulnerability in the Token Authentication logic ...

CVSS 9.8 · AI score 6.5 · EPSS 0.98507
Exploits: 31 · References: 103
Veracode · added 2019/01/15 9:10 a.m. · 27 views

Timing Attack Vulnerability In Basic Authentication

Action Controller in the actionpack gem has a flaw in the way it compares usernames and passwords in the basic authentication authorization code. Due to the flaw, attackers can launch a timing attack by analyzing the time taken by a response and use the difference to find a valid username and...

CVSS 3.7 · AI score 5.8 · EPSS 0.04879
Exploits: 0 · References: 2 · Affected Software: 11
BDU FSTEC · added 2016/03/31 12:00 a.m. · 6 views

Vulnerability in the Ruby on Rails software platform that allows attackers to bypass the authentication process

The vulnerability in the http_basic_authenticate_with method in the ActionController/lib/action_controller/metal/http_authentication.rb implementation of Basic Authentication in the Ruby on Rails software framework is related to security configuration errors. Exploiting this vulnerability allows a...

CVSS 4.3 · AI score 6.4 · EPSS 0.04879
Exploits: 0 · References: 3 · Affected Software: 1
RedHat Linux · added 2016/03/15 8:56 p.m. · 9 views

rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...

CVSS 4.3 · AI score 7.2 · EPSS 0.04879
Exploits: 0 · References: 6
RedHat Linux · added 2016/03/15 8:55 p.m. · 5 views

rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...

CVSS 4.3 · AI score 7.2 · EPSS 0.04879
Exploits: 0 · References: 6
RedHat Linux · added 2016/02/24 10:36 a.m. · 6 views

rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...

CVSS 4.3 · AI score 7.2 · EPSS 0.04879
Exploits: 0 · References: 6
Prion · added 2016/02/16 2:59 a.m. · 25 views

Authentication flaw

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 4.3 · AI score 7.2 · EPSS 0.04879
Exploits: 0 · References: 13 · Affected Software: 2
OSV · added 2016/02/16 2:59 a.m. · 6 views

UBUNTU-CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 3.7 · AI score 5.9 · EPSS 0.04879
Exploits: 0 · References: 3
OSV · added 2016/02/16 2:59 a.m. · 2 views

DEBIAN-CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 3.7 · AI score 6 · EPSS 0.04879
Exploits: 0 · References: 1
Debian CVE · added 2016/02/16 2:00 a.m. · 25 views

CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 4.3 · AI score 6.1 · EPSS 0.04879
Exploits: 0
CVE · added 2016/02/16 2:00 a.m. · 113 views

CVE-2015-7576

Ruby on Rails: The http_basic_authenticate_with path in Action Controller is vulnerable to a timing-attack bypass when verifying credentials, not using constant-time comparison. A remote attacker could determine valid usernames/passwords by measuring response times. Affected rails versions includ...

CVSS 4.3 · AI score 5 · EPSS 0.04879
Exploits: 0 · References: 13 · Affected Software: 2
CNVD · added 2016/02/08 12:00 a.m. · 6 views

Ruby On Rails Action Controller Information Disclosure Vulnerability

Ruby on Rails is an open source Ruby-based web application framework developed and maintained by the Rails core team. Action Controller is the controller (C) component of its MVC architecture. Ruby On Rails Action Controller has a security vulnerability that allows remote attackers to submit special request...

CVSS 4.3 · AI score 7.5 · EPSS 0.04879
Exploits: 0 · References: 1
Hacker One · added 2015/10/19 11:01 a.m. · 122 views

Ruby on Rails: http_basic_authenticate_with is susceptible to timing attacks.

Timing attack vulnerability in basic authentication in Action Controller. There is a timing attack vulnerability in the basic authentication support in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2015-7576. Versions Affected: All. Not affected: None. Fixed...

CVSS 4.3 · AI score 6.1 · EPSS 0.04879
Exploits: 0
UbuntuCve · added 2011/08/29 6:55 p.m. · 30 views

CVE-2011-3186

CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header...

CVSS 4.3 · AI score 7.2 · EPSS 0.01748
Exploits: 0 · References: 2