8 matches found
Debian: Security Advisory (DSA-2260-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2260-1 : rails - several vulnerabilities
Two vulnerabilities were discovered in Ruby on Rails, a web application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3086 The cookie store may be vulnerable to a timing attack, potentially allowing remote attackers to forge message...
[SECURITY] [DSA 2259-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2260-1 [email protected] http://www.debian.org/security/ Florian Weimer June 14, 2011 http://www.debian.org/security/faq -...
Gentoo Security Advisory GLSA 200912-02 (rails)
The remote host is missing updates announced in advisory GLSA 200912-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
SuSE Security Summary SUSE-SR:2009:017
The remote host is missing updates announced in advisory SUSE-SR:2009:017. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...
openSUSE Security Update : rubygem-actionpack-2_1 (rubygem-actionpack-2_1-1320)
This update improves the escaping in the helper code of Ruby on Rails to protect against XSS attacks CVE-2009-3009 and an information leak CVE-2009-3086. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securi...
CVE-2009-3086
Ruby on Rails cookie store vulnerability CVE-2009-3086 affects Rails 2.1.0–2.2.2 and 2.3.x before 2.3.4. The issue leaks information about the complexity of message-digest verification and may allow remote attackers to forge a digest via multiple attempts (timing attack). Debian fixes: 2.1.0-7+le...
CVE-2009-3086
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts...