Lucene search
+L

11 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:13 a.m.30 views

Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9.

Summary There are vulnerabilities in the Ruby On Rails component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-47887 DESCRIPTION: railsis vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in HTTP Token authentication in Action...

8.7CVSS6.3AI score0.01103EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2024-47887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1,...

8.7CVSS6.2AI score0.01048EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.14 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Rails vulnerabilities (USN-7290-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7290-1 advisory. It was discovered that Rails did not correctly handle parsing block formats in email service layers. An attacker coul...

8.7CVSS6.1AI score0.01103EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.8 views

Ubuntu: Security Advisory (USN-7290-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS6.7AI score0.01103EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/02 12:0 a.m.14 views

SUSE SLES15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:3877-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3877-1 advisory. - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. - CVE-2024-42228: Fixed...

8.7CVSS6.9AI score0.01048EPSS
Exploits0References7
OSV
OSV
added 2024/11/01 3:31 p.m.15 views

SUSE-SU-2024:3877-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. - CVE-2024-42228: Fixed uninitialized value size when calling amdgpuvcecsreloc bsc1228667...

8.7CVSS6.5AI score0.01048EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/16 8:2 p.m.15 views

CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS7.1AI score0.01048EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/10/16 8:2 p.m.29 views

CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS0.01048EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/10/16 4:25 a.m.18 views

CVE-2024-47887

A flaw was found in rubygem actionpack. For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service...

3.7CVSS7.1AI score0.01048EPSS
Exploits0References5
OSV
OSV
added 2024/10/15 11:35 p.m.23 views

GHSA-VFG9-R3FQ-JVX4 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact ------ For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted...

8.7CVSS5.5AI score0.01048EPSS
Exploits0References3
RubySec
RubySec
added 2024/10/15 12:0 a.m.28 views

Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted header m...

8.7CVSS7.2AI score0.01048EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder