55 matches found
GHSA-VC47-6RQG-C7F5 HTTP response splitting in CGI
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...
UBUNTU-CVE-2021-33621
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...
Improper Authentication
Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Improper Authentication. CGI::Cookie.parse mishandles security prefixes in cookie names by applying URL decoding to cookie names. An attacker could exploit this vulnerability t...
AZL-7126 CVE-2021-41819 affecting package ruby for versions less than 3.1.2-2
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
Lib CGI 0.1 Include Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6264/info Lib CGI is a freely available, open source CGI library for C programmers. It is available for Unix and Linux operating systems. It has been reported that a buffer overflow exists in the Lib CGI development...
CVE-2010-2761
The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...
Gentoo Security Advisory GLSA 200612-21 (ruby)
The remote host is missing updates announced in advisory GLSA 200612-21. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200612-21 (ruby)
The remote host is missing updates announced in advisory GLSA 200612-21. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD Ports: ruby, ruby_static
The remote host is missing an update to the system as announced in the referenced advisory. VID ab8dbe98-6be4-11db-ae91-0012f06707f0 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-371-1)
An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU. Note that Tenable Network Security has...
CVE-2002-2257
Stack-based buffer overflow in the parsefield function in cgilib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument...
Design/Logic Flaw
The displaypost function in cgi-bin/cgi-lib/forumdisplay.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users...
Mandrake Linux Security Advisory : ruby (MDKSA-2006:225)
Another vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. Updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
GLSA-200612-21 : Ruby: Denial of Service vulnerability
The remote host is affected by the vulnerability described in GLSA-200612-21 Ruby: Denial of Service vulnerability The readmultipart function of the CGI library shipped with Ruby cgi.rb does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-12...
Ruby: Denial of Service vulnerability
Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description The readmultipart function of the CGI library shipped with Ruby cgi.rb does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-1...
Debian DSA-1234-1 : ruby1.6 - denial of service
A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
Debian DSA-1235-1 : ruby1.8 - denial of service
A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
[SECURITY] [DSA-1234-1] New ruby1.6 package fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1234-1 [email protected] http://www.debian.org/security/ Steve Kemp December 13, 2006 - ------------------------------------------------------------------------ Package : ruby1.6 1.6.8-12sarge3...
DSA-1234-1 ruby1.6
Bulletin has no description...
DSA-1235-1 ruby1.8
Bulletin has no description...