Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.39 views

openSUSE Security Update : RubyOnRails (openSUSE-SU-2013:0338-1)

The Ruby on Rails 2.3 stack was updated to 2.3.17. The Ruby on Rails 3.2 stack was updated to 3.2.12. The Ruby Rack was updated to 1.1.6. The Ruby Rack was updated to 1.2.8. The Ruby Rack was updated to 1.3.10. The Ruby Rack was updated to 1.4.5. The updates fix various security issues and bugs. ...

10CVSS6.4AI score0.07497EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2014/05/19 12:0 a.m.31 views

GLSA-201405-10 : Rack: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201405-10 Rack: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with...

5.1CVSS7.2AI score0.05281EPSS
Exploits0References6
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.82 views

[SECURITY] [DSA 2783-2] librack-ruby regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2783-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 24, 2013 http://www.debian.org/security/faq -...

5.1CVSS3.8AI score0.05281EPSS
Exploits1
Debian
Debian
added 2013/10/24 7:29 p.m.34 views

[SECURITY] [DSA 2783-2] librack-ruby regression update

-------------------------------------------------------------------------- Debian Security Advisory DSA-2783-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 24, 2013 http://www.debian.org/security/faq -...

5.1CVSS4AI score0.05281EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/10/22 12:0 a.m.30 views

Debian DSA-2783-1 : librack-ruby - several vulnerabilities

Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilites and Exposures project identifies the following vulnerabilities : - CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...

5.1CVSS6.9AI score0.05281EPSS
Exploits1References13
Debian
Debian
added 2013/10/21 7:20 p.m.24 views

[SECURITY] [DSA 2783-1] librack-ruby security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2783-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 21, 2013 http://www.debian.org/security/faq -...

5.1CVSS8.1AI score0.05281EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/10/21 12:0 a.m.41 views

Debian Security Advisory DSA 2783-1 (librack-ruby - several vulnerabilities)

Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...

5.1CVSS1.4AI score0.05281EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2013/05/09 12:0 a.m.35 views

Fedora Update for rubygem-rack FEDORA-2013-2306

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.4AI score0.03778EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/05/08 12:0 a.m.39 views

Fedora 17 : rubygem-rack-1.4.0-4.fc17 (2013-2315)

Patch for - path sanitization information disclosure CVE-2013-0262 - timing attack in cookie sessions CVE-2013-0263 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...

5.1CVSS6.5AI score0.05281EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/05/08 12:0 a.m.31 views

Fedora 18 : rubygem-rack-1.4.0-5.fc18 (2013-2306)

Patch for - path sanitization information disclosure CVE-2013-0262 - timing attack in cookie sessions CVE-2013-0263 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...

5.1CVSS6.5AI score0.05281EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/03/12 5:52 p.m.40 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1.2 update

Red Hat OpenShift Enterprise 1.1.2, which fixes several security issues, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

7.5CVSS6.5AI score0.05281EPSS
Exploits0References9
OSV
OSV
added 2013/02/08 8:55 p.m.9 views

CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS7.3AI score0.05281EPSS
Exploits0References19
CVE
CVE
added 2013/02/08 8:0 p.m.95 views

CVE-2013-0263

CVE-2013-0263 is a timing-attack vulnerability in Rack::Session::Cookie that allows remote attackers to guess the session cookie, potentially gain privileges, and execute arbitrary code. It affects Rack versions prior to patched releases: 1.5.2 (1.5.x), 1.4.5 (1.4.x), 1.3.10 (1.3.x), 1.2.8 (1.2.x...

5.1CVSS7.5AI score0.05281EPSS
Exploits0References19Affected Software1
Debian CVE
Debian CVE
added 2013/02/08 8:0 p.m.28 views

CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS8.9AI score0.05281EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/02/08 12:0 a.m.33 views

Ruby Rack Gem -- Multiple Issues

Rack developers report: Today we are proud to announce the release of Rack 1.4.5. Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Fix CVE-2013-0262, symlink path traversal in Rack::File...

5.1CVSS6.4AI score0.05281EPSS
Exploits0
Rows per page
Query Builder