207 matches found
CVE-2010-1330
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...
Cross site scripting
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...
CVE-2010-1330
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...
CVE-2010-1330
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...
CVE-2010-1330
JRuby prior to 1.4.1 contains an XSS vulnerability in its regex engine when $KCODE is set to 'u'. The flaw occurs because the engine does not properly handle characters immediately after a UTF-8 character, enabling remote attackers to inject crafted strings and execute script in vulnerable contex...
CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001)
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal...
Gentoo Security Advisory GLSA 201207-06 (jruby)
The remote host is missing updates announced in advisory GLSA 201207-06. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Gentoo Security Advisory GLSA 201207-06 (jruby)
The remote host is missing updates announced in advisory GLSA 201207-06. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
jruby: hash table collisions DoS (oCERT-2011-003)
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...
GLSA-201207-06 : JRuby: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201207-06 JRuby: Denial of Service JRuby does not properly randomize hash functions to protect against hash collision attacks. Impact : A remote attacker could send a specially crafted input, possibly resulting in a Denial of...
JRuby: Denial of service
Background JRuby is a Java-based Ruby interpreter implementation. Description JRuby does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition. Workaround...
FreeBSD Ports: jruby
The remote host is missing an update to the system as announced in the referenced advisory. VID 91be81e7-3fea-11e1-afc7-2c4138874f7d OpenVAS Vulnerability Test $ Description: Auto generated from VID 91be81e7-3fea-11e1-afc7-2c4138874f7d Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
FreeBSD Ports: jruby
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : Multiple implementations -- DoS via hash algorithm collision (91be81e7-3fea-11e1-afc7-2c4138874f7d)
oCERT reports : A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particul...
[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
2011-003 multiple implementations denial-of-service via hash algorithm collision Description: A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...
CVE-2011-4838
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...
CVE-2011-4838
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...
Code injection
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...
CVE-2011-4838
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...
CVE-2011-4838
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...