Lucene search
+L

21 matches found

bdu_fstec
bdu_fstec
•added 2026/06/03 12:0 a.m.•7 views

The vulnerability of the Rack::Utils.get_byte_ranges() function in the Ruby-based Rack web server module interface allows a attacker to cause a denial-of-service attack.

The vulnerability of the Rack::Utils.getbyteranges function in the Rack web server module interface, a programming language for Ruby, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS5.8AI score0.0038EPSS
Exploits0References8Affected Software6
susecve
susecve
•added 2026/04/03 11:25 p.m.•5 views

SUSE CVE-2026-32762

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...

6.5CVSS5.7AI score0.00179EPSS
Exploits0References3
euvd
euvd
•added 2026/04/02 8:31 p.m.•7 views

EUVD-2026-18423

Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing...

4.8CVSS5.8AI score0.00179EPSS
Exploits0References2
euvd
euvd
•added 2026/04/02 7:7 p.m.•4 views

EUVD-2026-18386

Rack's multipart byte range processing allows denial of service via excessive overlapping ranges...

5.3CVSS5.8AI score0.0038EPSS
Exploits0References2
osv
osv
•added 2026/04/02 5:16 p.m.•2 views

DEBIAN-CVE-2026-34826

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References1
cvelist
cvelist
•added 2026/04/02 4:42 p.m.•19 views

CVE-2026-26961 Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

3.7CVSS0.00253EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/04/02 4:41 p.m.•2 views

CVE-2026-34230 Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

5.3CVSS5.7AI score0.0043EPSS
Exploits0References1
ibm
ibm
•added 2026/03/27 3:56 p.m.•6 views

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.1 Vulnerability Details CVEID:CVE-2025-13916 DESCRIPTION: IBM Aspera Shares uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information CWE:CWE-327: U...

7.5CVSS5.7AI score0.00665EPSS
Exploits2Affected Software5
vulnrichment
vulnrichment
•added 2025/10/07 2:30 p.m.•1 views

CVE-2025-61770 Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

7.5CVSS6.5AI score0.00868EPSS
Exploits0References4
debiancve
debiancve
•added 2025/09/25 2:37 p.m.•5 views

CVE-2025-59830

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

7.5CVSS5.8AI score0.00535EPSS
Exploits0
ibm
ibm
•added 2025/06/25 1:52 p.m.•21 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.10.0 Vulnerability Details CVEID:CVE-2025-46727 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and...

9.8CVSS10AI score0.03205EPSS
Exploits1Affected Software1
rubygems
rubygems
•added 2025/05/08 12:0 a.m.•30 views

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

Summary Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. Details The vulnerability arises because...

7.5CVSS6.8AI score0.00911EPSS
Exploits0References1Affected Software1
osv
osv
•added 2024/09/20 12:0 a.m.•9 views

UBUNTU-CVE-2024-45614

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...

5.4CVSS7.1AI score0.00646EPSS
Exploits0References6
nvd
nvd
•added 2024/02/29 12:15 a.m.•29 views

CVE-2024-26141

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

7.5CVSS5.3AI score0.01612EPSS
Exploits1References7
osv
osv
•added 2023/08/18 10:15 p.m.•1 views

DEBIAN-CVE-2023-40175

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

9.8CVSS6.2AI score0.00738EPSS
Exploits0References1
snyk
snyk
•added 2021/05/12 9:55 a.m.•2 views

Denial of Service (DoS)

Overview puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process...

7.5CVSS6.9AI score0.0196EPSS
Exploits0References2
nvd
nvd
•added 2013/08/02 12:10 p.m.•33 views

CVE-2013-1190

The C-Series Rack Server component 1.4 in Cisco Unified Computing System UCS does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service Integrated Management Controller reboot or hang via crafted packets, as demonstrated by nmap, aka Bug ID...

5CVSS6.7AI score0.01497EPSS
Exploits0References1
prion
prion
•added 2013/08/02 12:10 p.m.•21 views

Design/Logic Flaw

The C-Series Rack Server component 1.4 in Cisco Unified Computing System UCS does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service Integrated Management Controller reboot or hang via crafted packets, as demonstrated by nmap, aka Bug ID...

5CVSS7.2AI score0.01497EPSS
Exploits0References1
cisco
cisco
•added 2013/08/01 6:22 p.m.•29 views

Cisco Integrated Management Controller Denial of Service Vulnerability

Cisco Unified Computing System UCS C-Series Rack Server version 1.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause the Cisco Integrated Management Controller CIMC, which is used for management/monitoring of the Cisco UCS Rack Server, to stop responding or a...

5CVSS6.8AI score0.01497EPSS
Exploits0References1
cvelist
cvelist
•added 2013/08/01 4:0 p.m.•33 views

CVE-2013-1190

The C-Series Rack Server component 1.4 in Cisco Unified Computing System UCS does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service Integrated Management Controller reboot or hang via crafted packets, as demonstrated by nmap, aka Bug ID...

6.7AI score0.01497EPSS
Exploits0References1
Rows per page
Query Builder