Lucene search
K

55 matches found

OSV
OSV
added 2022/11/19 12:30 a.m.40 views

GHSA-VC47-6RQG-C7F5 HTTP response splitting in CGI

Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

8.8CVSS8.9AI score0.02287EPSS
Exploits1References14
OSV
OSV
added 2022/11/18 11:15 p.m.3 views

UBUNTU-CVE-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...

8.8CVSS6.8AI score0.02287EPSS
Exploits1References9
Snyk
Snyk
added 2022/01/21 11:22 p.m.2 views

Improper Authentication

Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Improper Authentication. CGI::Cookie.parse mishandles security prefixes in cookie names by applying URL decoding to cookie names. An attacker could exploit this vulnerability t...

7.5CVSS6.8AI score0.02931EPSS
Exploits1References2
OSV
OSV
added 2022/01/01 6:15 a.m.10 views

AZL-7126 CVE-2021-41819 affecting package ruby for versions less than 3.1.2-2

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

7.5CVSS6.7AI score0.02931EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Lib CGI 0.1 Include Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6264/info Lib CGI is a freely available, open source CGI library for C programmers. It is available for Unix and Linux operating systems. It has been reported that a buffer overflow exists in the Lib CGI development...

7.1AI score
Exploits0
Debian CVE
Debian CVE
added 2010/12/06 8:0 p.m.36 views

CVE-2010-2761

The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...

4.3CVSS9.2AI score0.02713EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.23 views

Gentoo Security Advisory GLSA 200612-21 (ruby)

The remote host is missing updates announced in advisory GLSA 200612-21. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

5CVSS0.1AI score0.03703EPSS
Exploits1
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.22 views

Gentoo Security Advisory GLSA 200612-21 (ruby)

The remote host is missing updates announced in advisory GLSA 200612-21. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.6AI score0.03703EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.31 views

FreeBSD Ports: ruby, ruby_static

The remote host is missing an update to the system as announced in the referenced advisory. VID ab8dbe98-6be4-11db-ae91-0012f06707f0 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

5CVSS0.04071EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.28 views

Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-371-1)

An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU. Note that Tenable Network Security has...

5CVSS7.1AI score0.04071EPSS
Exploits1References3
Cvelist
Cvelist
added 2007/10/14 8:0 p.m.14 views

CVE-2002-2257

Stack-based buffer overflow in the parsefield function in cgilib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument...

8.1AI score0.0543EPSS
Exploits1References3
Prion
Prion
added 2007/06/26 11:30 p.m.18 views

Design/Logic Flaw

The displaypost function in cgi-bin/cgi-lib/forumdisplay.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users...

6.5CVSS6.8AI score0.01096EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.17 views

Mandrake Linux Security Advisory : ruby (MDKSA-2006:225)

Another vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. Updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

5CVSS7AI score0.03703EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2006/12/30 12:0 a.m.38 views

GLSA-200612-21 : Ruby: Denial of Service vulnerability

The remote host is affected by the vulnerability described in GLSA-200612-21 Ruby: Denial of Service vulnerability The readmultipart function of the CGI library shipped with Ruby cgi.rb does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-12...

5CVSS5.5AI score0.03703EPSS
Exploits1References2
Gentoo Linux
Gentoo Linux
added 2006/12/20 12:0 a.m.31 views

Ruby: Denial of Service vulnerability

Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description The readmultipart function of the CGI library shipped with Ruby cgi.rb does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-1...

5CVSS6.3AI score0.03703EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2006/12/14 12:0 a.m.33 views

Debian DSA-1234-1 : ruby1.6 - denial of service

A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

5CVSS6.8AI score0.04071EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2006/12/14 12:0 a.m.46 views

Debian DSA-1235-1 : ruby1.8 - denial of service

A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

5CVSS6.8AI score0.04071EPSS
Exploits1References3
Debian
Debian
added 2006/12/13 12:12 p.m.29 views

[SECURITY] [DSA-1234-1] New ruby1.6 package fix denial of service

------------------------------------------------------------------------ Debian Security Advisory DSA-1234-1 [email protected] http://www.debian.org/security/ Steve Kemp December 13, 2006 - ------------------------------------------------------------------------ Package : ruby1.6 1.6.8-12sarge3...

5CVSS5.9AI score0.04071EPSS
Exploits1
OSV
OSV
added 2006/12/13 12:0 a.m.13 views

DSA-1234-1 ruby1.6

Bulletin has no description...

5CVSS6.3AI score0.04071EPSS
Exploits1
OSV
OSV
added 2006/12/13 12:0 a.m.13 views

DSA-1235-1 ruby1.8

Bulletin has no description...

5CVSS6.3AI score0.04071EPSS
Exploits1
Rows per page
Query Builder