47 matches found
CVE-2020-36939
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
CVE-2020-36939
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to the disabled Rack::Protection module. An attacker can access arbitrary files on the server by sending specially crafted requests that exploit the lack of input validation. This can lead to exposure of sensitiv...
CVE-2020-36939 Cassandra Web 0.5.0 - Remote File Read
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
CVE-2020-36939
CVE-2020-36939 affects Cassandra Web 0.5.0. A directory traversal vulnerability arises from the disabled Rack::Protection module, allowing unauthenticated attackers to read arbitrary files (e.g., /etc/passwd) and potentially exfiltrate sensitive credentials. Affected component: web server handlin...
CVE-2020-36939
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
CVE-2020-36939 Cassandra Web 0.5.0 - Remote File Read
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
PT-2026-4921
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
MiracleLinux 7 : pcs-0.9.162-5.el7.1 (AXSA:2018-2813:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-2813:01 advisory. pcs: Privilege escalation via authorized user malicious REST call CVE-2018-1079 pcs: Debug parameter removal bypass, allowing information disclosure...
EUVD-2018-0170
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-1000119
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures...
RHEL 6 : rack-protection (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rack-protection: Timing attack in authenticitytoken.rb CVE-2018-1000119 Note that Nessus has not tested for this...
SUSE CVE-2018-1000119
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...
Cassandra Web File Read Vulnerability
This module exploits an unauthenticated directory traversal vulnerability in Cassandra Web 'Cassandra Web' version 0.5.0 and earlier, allowing arbitrary file read with the web server privileges. This vulnerability occurred due to the disabled Rack::Protection module Module Options msf use...
pcs security update
0.11.1-10.el90.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081333 0.11.1-10 - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz2048640 0.11.1-9 - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves:...
pcs security update
0.10.12-6.0.1.el86.1 - Replace HAM-logo.png with a generic one 0.10.12-6.el86.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081331...
rack-protection: Timing attack in authenticity_token.rb
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...
rack-protection: Timing attack in authenticity_token.rb
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...
NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in...
The vulnerability of the “rack-protection” protection mechanism in the Sinatra framework for developing web applications in Ruby, which allows attackers to gain unauthorized access to protected information.
The vulnerability of the “rack-protection” security mechanism in the Sinatra framework for developing web applications in Ruby is related to errors in the CSRF token verification process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...