11 matches found
openSUSE Security Update : RubyOnRails (openSUSE-SU-2013:0338-1)
The Ruby on Rails 2.3 stack was updated to 2.3.17. The Ruby on Rails 3.2 stack was updated to 3.2.12. The Ruby Rack was updated to 1.1.6. The Ruby Rack was updated to 1.2.8. The Ruby Rack was updated to 1.3.10. The Ruby Rack was updated to 1.4.5. The updates fix various security issues and bugs. ...
GLSA-201405-10 : Rack: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201405-10 Rack: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with...
Fedora Update for rubygem-rack FEDORA-2013-2306
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 17 : rubygem-rack-1.4.0-4.fc17 (2013-2315)
Patch for - path sanitization information disclosure CVE-2013-0262 - timing attack in cookie sessions CVE-2013-0263 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...
Fedora 18 : rubygem-rack-1.4.0-5.fc18 (2013-2306)
Patch for - path sanitization information disclosure CVE-2013-0262 - timing attack in cookie sessions CVE-2013-0263 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1.2 update
Red Hat OpenShift Enterprise 1.1.2, which fixes several security issues, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...
CVE-2013-0262
rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...
CVE-2013-0262
rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...
CVE-2013-0262
CVE-2013-0262 affects Rack’s Rack::File in Rack 1.5.x (before 1.5.2) and 1.4.x (before 1.4.5). A crafted PATH_INFO can cause a directory traversal, allowing an attacker to access arbitrary files outside the intended root. Root cause: improper PATH_INFO handling in Rack::File (symlink path travers...
Ruby Rack Gem -- Multiple Issues
Rack developers report: Today we are proud to announce the release of Rack 1.4.5. Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Fix CVE-2013-0262, symlink path traversal in Rack::File...
CVE-2013-0262 rubygem-rack: Path sanitization information disclosure
rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...