Lucene search
K

6 matches found

OpenVAS
OpenVAS
added 2009/12/30 12:0 a.m.62 views

Gentoo Security Advisory GLSA 200912-02 (rails)

The remote host is missing updates announced in advisory GLSA 200912-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5CVSS0.7AI score0.0808EPSS
Exploits5
OpenVAS
OpenVAS
added 2009/07/17 12:0 a.m.28 views

Ruby on Rails Authentication Bypass Vulnerability (Jun 2009)

Ruby on Rails is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS5.1AI score0.03377EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2009/07/10 3:30 p.m.23 views

CVE-2009-2422

The example code for the digest authentication functionality httpauthentication.rb in Ruby on Rails before 2.3.3 defines an authenticateorrequestwithhttpdigest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...

9.8CVSS6.3AI score0.03377EPSS
Exploits1References1
OSV
OSV
added 2009/07/10 3:30 p.m.6 views

CVE-2009-2422

The example code for the digest authentication functionality httpauthentication.rb in Ruby on Rails before 2.3.3 defines an authenticateorrequestwithhttpdigest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...

9.8CVSS9.6AI score
Exploits0References12
CVE
CVE
added 2009/07/10 3:0 p.m.105 views

CVE-2009-2422

Ruby on Rails before 2.3.3 contains a vulnerability in the http_authentication.rb example for digest authentication: authenticate_or_request_with_http_digest returns nil instead of false when the user does not exist, enabling context-dependent attackers to bypass authentication for applications d...

9.8CVSS9.4AI score0.03377EPSS
Exploits1References8Affected Software1
Debian CVE
Debian CVE
added 2009/07/10 3:0 p.m.29 views

CVE-2009-2422

The example code for the digest authentication functionality httpauthentication.rb in Ruby on Rails before 2.3.3 defines an authenticateorrequestwithhttpdigest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...

9.8CVSS5.2AI score0.03377EPSS
Exploits1
Rows per page
Query Builder