CVE-2020-36939

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...

CVE-2020-36939

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the disabled Rack::Protection module. An attacker can access arbitrary files on the server by sending specially crafted requests that exploit the lack of input validation. This can lead to exposure of sensitiv...

CVE-2020-36939 Cassandra Web 0.5.0 - Remote File Read

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...

CVE-2020-36939

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...

CVE-2020-36939

CVE-2020-36939 affects Cassandra Web 0.5.0. A directory traversal vulnerability arises from the disabled Rack::Protection module, allowing unauthenticated attackers to read arbitrary files (e.g., /etc/passwd) and potentially exfiltrate sensitive credentials. Affected component: web server handlin...

CVE-2020-36939 Cassandra Web 0.5.0 - Remote File Read

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...

PT-2026-4921

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...

MiracleLinux 7 : pcs-0.9.162-5.el7.1 (AXSA:2018-2813:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-2813:01 advisory. pcs: Privilege escalation via authorized user malicious REST call CVE-2018-1079 pcs: Debug parameter removal bypass, allowing information disclosure...

EUVD-2018-0170

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-1000119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures...

RHEL 6 : rack-protection (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rack-protection: Timing attack in authenticitytoken.rb CVE-2018-1000119 Note that Nessus has not tested for this...

SUSE CVE-2018-1000119

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...

Cassandra Web File Read Vulnerability

This module exploits an unauthenticated directory traversal vulnerability in Cassandra Web 'Cassandra Web' version 0.5.0 and earlier, allowing arbitrary file read with the web server privileges. This vulnerability occurred due to the disabled Rack::Protection module Module Options msf use...

pcs security update

0.11.1-10.el90.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081333 0.11.1-10 - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz2048640 0.11.1-9 - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves:...

pcs security update

0.10.12-6.0.1.el86.1 - Replace HAM-logo.png with a generic one 0.10.12-6.el86.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081331...

rack-protection: Timing attack in authenticity_token.rb

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...

rack-protection: Timing attack in authenticity_token.rb

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...

NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in...

Debian DSA-4247-1 : ruby-rack-protection - security update

A timing attack was discovered in the function for CSRF token validation of the 'Ruby rack protection' framework. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4247. The text itself is copyright C Software ...