10 matches found
SUSE CVE-2015-7519
agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...
Debian: Security Advisory (DLA-1399-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1399-1 : ruby-passenger security update
Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under certain conditions possible. CVE-2015-7519 Remote attackers could spoof headers passed to applications by usin...
[SECURITY] [DLA 1399-1] ruby-passenger security update
Package : ruby-passenger Version : 4.0.53-1+deb8u1 CVE ID : CVE-2015-7519 CVE-2018-12029 Debian Bug : 864651 Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under...
[SECURITY] [DLA 394-1] passenger security update
Package : passenger Version : 2.2.11debian-2+deb6u1 CVE ID : CVE-2015-7519 agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof heade...
CVE-2015-7519
agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...
CVE-2015-7519
agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...
CVE-2015-7519
Summary (validated by connected docs): CVE-2015-7519 affects Phusion Passenger in Apache integration or standalone mode without a filtering proxy, where the module’s HTTP header handling in agent/Core/Controller/SendRequest.cpp allows remote attackers to spoof headers by replacing a dash with an ...
SUSE-SU-2015:2337-1 Security update for rubygem-passenger
This update for rubygem-passenger fixes the following issues: - CVE-2015-7519: rubygem-passenger was not filtering the environment like apache is doing, allowing injection of environment variables bsc956281...
passenger -- client controlled header overwriting
Daniel Knoppel reports: It was discovered by the SUSE security team that it was possible, in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. CVE-2015-7519 has been assigned to this issue. Affected use-cases: Header overwriting may occur ...