Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2017/10/12 12:0 a.m.21 views

Debian DSA-3931-1 : ruby-rack-cors - security update

Jens Mueller discovered that an incorrect regular expression in rack-cors may lead to insufficient restriction of CORS requests. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3931. The...

8.8CVSS7.8AI score0.02345EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/07/27 12:0 a.m.20 views

Fedora 25 : rubygem-rack-cors (2017-c22a8af4e9)

Security fix for CVE-2017-11173, new upstream version Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.8CVSS7.8AI score0.02345EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/07/25 12:0 a.m.19 views

Fedora Update for rubygem-rack-cors FEDORA-2017-c22a8af4e9

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.02345EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/07/13 3:29 a.m.20 views

CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

8.8CVSS7.1AI score0.02345EPSS
Exploits0References4
NVD
NVD
added 2017/07/13 3:29 a.m.29 views

CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

8.8CVSS8.7AI score0.02345EPSS
Exploits0References4
OSV
OSV
added 2017/07/13 3:29 a.m.16 views

CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

8.8CVSS6.5AI score
Exploits0References4
Cvelist
Cvelist
added 2017/07/13 3:0 a.m.27 views

CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

8.6AI score0.02345EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2017/07/13 3:0 a.m.21 views

CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

8.8CVSS8.7AI score0.02345EPSS
Exploits0
Rows per page
Query Builder