3 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-6438
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The URI.decodewwwformcomponent method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service catastrophic regular expression backtrackin...
CVE-2014-6438
The URI.decodewwwformcomponent method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service catastrophic regular expression backtracking, resource consumption, or application crash via a crafted string...
[SECURITY] [DLA 275-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u6 CVE ID : CVE-2014-6438 It was discovered that the uri package in the Ruby standard library uses regular expressions that may result in excessive backtracking. Ruby applications that parse untrusted URIs using this library were susceptible to...