Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures...

5.9CVSS6.6AI score0.02489EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.34 views

RHEL 6 : rack-protection (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rack-protection: Timing attack in authenticitytoken.rb CVE-2018-1000119 Note that Nessus has not tested for this...

6AI score0.02489EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.35 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in...

8.7CVSS6.6AI score0.02489EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/07/17 12:0 a.m.33 views

Debian DSA-4247-1 : ruby-rack-protection - security update

A timing attack was discovered in the function for CSRF token validation of the 'Ruby rack protection' framework. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4247. The text itself is copyright C Software ...

5.9CVSS6.6AI score0.02489EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2018/06/05 12:0 a.m.32 views

CentOS Update for pcs CESA-2018:1060 centos7

Check the version of pcs SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882895";...

8.7CVSS6.8AI score0.02489EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/05/31 12:0 a.m.39 views

CentOS 7 : pcs (CESA-2018:1060)

An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

8.7CVSS6.4AI score0.02489EPSS
Exploits0References4
Cent OS
Cent OS
added 2018/05/30 6:24 p.m.109 views

pcs security update

CentOS Errata and Security Advisory CESA-2018:1060 An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.7CVSS6.6AI score0.02489EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2018/05/01 12:0 a.m.31 views

Oracle Linux 7 : pcs (ELSA-2018-1060)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-1060 advisory. - Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure - Fixed CVE-2018-1079 pcs: Privilege escalation via authoriz...

8.7CVSS6.5AI score0.02489EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/05/01 12:0 a.m.46 views

Scientific Linux Security Update : pcs on SL7.x x86_64 (20180410)

Security Fixes : - pcs: Privilege escalation via authorized user malicious REST call CVE-2018-1079 - pcs: Debug parameter removal bypass, allowing information disclosure CVE-2018-1086 - rack-protection: Timing attack in authenticitytoken.rb CVE-2018-1000119 C Tenable Network Security, Inc. The...

8.7CVSS6.3AI score0.02489EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/04/27 12:0 a.m.42 views

Amazon Linux 2 : pcs (ALAS-2018-1005)

Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

8.7CVSS6.5AI score0.02489EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/10 8:23 p.m.43 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

8.7CVSS6.6AI score0.02489EPSS
Exploits0References4
OSV
OSV
added 2018/03/07 2:29 p.m.27 views

CVE-2018-1000119

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...

5.9CVSS6AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/03/07 2:29 p.m.26 views

CVE-2018-1000119

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...

5.9CVSS6.5AI score0.02489EPSS
Exploits0References4
Rows per page
Query Builder