Lucene search
K

10 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.4 views

SUSE CVE-2015-7519

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...

3.7CVSS7AI score0.02364EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2018/07/09 12:0 a.m.74 views

Debian: Security Advisory (DLA-1399-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS5.7AI score0.02364EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/06/28 12:0 a.m.30 views

Debian DLA-1399-1 : ruby-passenger security update

Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under certain conditions possible. CVE-2015-7519 Remote attackers could spoof headers passed to applications by usin...

7CVSS6.5AI score0.02364EPSS
Exploits0References4
Debian
Debian
added 2018/06/27 7:39 p.m.21 views

[SECURITY] [DLA 1399-1] ruby-passenger security update

Package : ruby-passenger Version : 4.0.53-1+deb8u1 CVE ID : CVE-2015-7519 CVE-2018-12029 Debian Bug : 864651 Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under...

7CVSS6.4AI score0.02364EPSS
Exploits0
Debian
Debian
added 2016/01/18 6:56 p.m.25 views

[SECURITY] [DLA 394-1] passenger security update

Package : passenger Version : 2.2.11debian-2+deb6u1 CVE ID : CVE-2015-7519 agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof heade...

4.3CVSS4.4AI score0.02364EPSS
Exploits0
OSV
OSV
added 2016/01/08 7:59 p.m.8 views

CVE-2015-7519

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...

3.7CVSS4.3AI score0.02364EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2016/01/08 7:0 p.m.21 views

CVE-2015-7519

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...

4.3CVSS4.9AI score0.02364EPSS
Exploits0
CVE
CVE
added 2016/01/08 7:0 p.m.92 views

CVE-2015-7519

Summary (validated by connected docs): CVE-2015-7519 affects Phusion Passenger in Apache integration or standalone mode without a filtering proxy, where the module’s HTTP header handling in agent/Core/Controller/SendRequest.cpp allows remote attackers to spoof headers by replacing a dash with an ...

4.3CVSS4.2AI score0.02364EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2015/12/21 7:6 p.m.6 views

SUSE-SU-2015:2337-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issues: - CVE-2015-7519: rubygem-passenger was not filtering the environment like apache is doing, allowing injection of environment variables bsc956281...

4.3CVSS4.4AI score0.02364EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2015/12/07 12:0 a.m.27 views

passenger -- client controlled header overwriting

Daniel Knoppel reports: It was discovered by the SUSE security team that it was possible, in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. CVE-2015-7519 has been assigned to this issue. Affected use-cases: Header overwriting may occur ...

4.3CVSS5.1AI score0.02364EPSS
Exploits0References1
Rows per page
Query Builder