19 matches found
EUVD-2017-0309
Malware in sbrugna...
SUSE CVE-2014-2538
Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...
Mageia: Security Advisory (MGASA-2014-0156)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-V3RR-CPH9-2G2Q rack-ssl Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...
openSUSE Security Update : rubygem-rack-ssl (openSUSE-SU-2014:0515-1)
This rubygem-rack-ssl updated fixes the following security issue : - bnc869162: Fixed XSS in error page CVE-2014-2538. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-293. The te...
MGASA-2014-0156 Updated ruby-rack-ssl packages fix CVE-2014-2538
Updated ruby-rack-ssl packages fix security vulnerabilities: Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters su...
Fedora 20 : rubygem-rack-ssl-1.3.2-9.fc20 (2014-4118)
Handle bad URIs gracefully CVE-2014-2538. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVE...
Fedora Update for rubygem-rack-ssl FEDORA-2014-4118
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for rubygem-rack-ssl FEDORA-2014-4118
Check for the Version of rubygem-rack-ssl OpenVAS Vulnerability Test Fedora Update for rubygem-rack-ssl FEDORA-2014-4118 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modi...
[SECURITY] Fedora 20 Update: rubygem-rack-ssl-1.3.2-9.fc20
Rack middleware to force SSL/TLS...
CVE-2014-2538
Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...
CVE-2014-2538
Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...
DEBIAN-CVE-2014-2538
Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...
CVE-2014-2538
Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...
Cross site scripting
Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...
CVE-2014-2538
CVE-2014-2538 describes an XSS vulnerability in the rack-ssl gem’s Ruby component (lib/rack/ssl.rb) prior to version 1.4.0. The issue allows remote attackers to inject arbitrary web script or HTML via a URI, which may not be handled correctly by adapters such as JRuby-Rack. Affected product: rack...
CVE-2014-2538
Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...
Ruby rack-ssl Gem错误页面跨站脚本漏洞
CVE ID:CVE-2014-2538 Ruby是跨平台、面向对象的动态类型编程语言。 由于某些关于错误页面的输入在返回用户前没有正确过滤,攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中执行任意HTML和脚本代码。 0 rack-ssl gem for Ruby 1.x rack-ssl gem for Ruby 1.4.0版本以修复此漏洞,建议用户下载使用: https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b...
CVE-2014-2538 rubygem rack-ssl: URL error display XSS
Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...