Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.39 views

openSUSE Security Update : RubyOnRails (openSUSE-SU-2013:0338-1)

The Ruby on Rails 2.3 stack was updated to 2.3.17. The Ruby on Rails 3.2 stack was updated to 3.2.12. The Ruby Rack was updated to 1.1.6. The Ruby Rack was updated to 1.2.8. The Ruby Rack was updated to 1.3.10. The Ruby Rack was updated to 1.4.5. The updates fix various security issues and bugs. ...

10CVSS6.4AI score0.07497EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2014/05/19 12:0 a.m.31 views

GLSA-201405-10 : Rack: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201405-10 Rack: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with...

5.1CVSS7.2AI score0.05281EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2013/05/09 12:0 a.m.35 views

Fedora Update for rubygem-rack FEDORA-2013-2306

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.4AI score0.03778EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/05/08 12:0 a.m.39 views

Fedora 17 : rubygem-rack-1.4.0-4.fc17 (2013-2315)

Patch for - path sanitization information disclosure CVE-2013-0262 - timing attack in cookie sessions CVE-2013-0263 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...

5.1CVSS6.5AI score0.05281EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/05/08 12:0 a.m.31 views

Fedora 18 : rubygem-rack-1.4.0-5.fc18 (2013-2306)

Patch for - path sanitization information disclosure CVE-2013-0262 - timing attack in cookie sessions CVE-2013-0263 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...

5.1CVSS6.5AI score0.05281EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/03/12 5:52 p.m.40 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1.2 update

Red Hat OpenShift Enterprise 1.1.2, which fixes several security issues, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

7.5CVSS6.5AI score0.05281EPSS
Exploits0References9
NVD
NVD
added 2013/02/08 8:55 p.m.26 views

CVE-2013-0262

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3CVSS6.3AI score0.02952EPSS
Exploits0References10
OSV
OSV
added 2013/02/08 8:55 p.m.6 views

CVE-2013-0262

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

6.2AI score
Exploits0References10
CVE
CVE
added 2013/02/08 8:0 p.m.120 views

CVE-2013-0262

CVE-2013-0262 affects Rack’s Rack::File in Rack 1.5.x (before 1.5.2) and 1.4.x (before 1.4.5). A crafted PATH_INFO can cause a directory traversal, allowing an attacker to access arbitrary files outside the intended root. Root cause: improper PATH_INFO handling in Rack::File (symlink path travers...

4.3CVSS6.3AI score0.02952EPSS
Exploits0References10Affected Software1
FreeBSD
FreeBSD
added 2013/02/08 12:0 a.m.33 views

Ruby Rack Gem -- Multiple Issues

Rack developers report: Today we are proud to announce the release of Rack 1.4.5. Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Fix CVE-2013-0262, symlink path traversal in Rack::File...

5.1CVSS6.4AI score0.05281EPSS
Exploits0
RubySec
RubySec
added 2013/02/07 12:0 a.m.32 views

CVE-2013-0262 rubygem-rack: Path sanitization information disclosure

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3CVSS6.3AI score0.02952EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder