79 matches found
USN-6837-1 ruby-rack vulnerabilities
It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. CVE-2023-27530 It was discovered that Rack incorrectly parsed certain...
USN-6837-1: Rack vulnerabilities
It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. CVE-2023-27530 It was discovered that Rack incorrectly parsed certain...
[SECURITY] [DLA 3800-1] ruby-rack security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3800-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 29, 2024 https://wiki.debian.org/LTS -...
MGASA-2024-0123 Updated ruby-rack packages fix security vulnerabilities
Carefully crafted Content-Type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service (ReDoS, second-degree polynomial). CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...
Updated ruby-rack packages fix security vulnerabilities
Carefully crafted Content-Type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service (ReDoS, second-degree polynomial). CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...
Denial Of Service (DoS)
Rack is vulnerable to denial of service (DoS). The vulnerability is due to improper handling of Range headers: an attacker can craft a Range header that makes the server produce an unexpectedly large response, which can result in denial of service (DoS)...
CVE-2024-26141
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...
UBUNTU-CVE-2024-26141
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...
CVE-2024-26141 Possible DoS Vulnerability with Range Header in Rack
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...
SUSE CVE-2011-3192
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...
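The Rack entries above (CVE-2024-26141) and the Apache byterange entry (CVE-2011-3192) describe the same failure shape: a Range header carrying many, overlapping or garbage byte ranges makes the server emit a response far larger than the resource, or burn CPU working out what to send. The following is an added example, not code from Rack, Apache, Squid or any advisory on this page: a defensive Range parser that refuses those request shapes, and a minimal Rack-style app (plain `call(env)`, no gems) that applies it. The cap of 8 ranges, the fixed multipart boundary and the 100-byte in-memory resource are assumptions chosen for the demo.

```ruby
# Added example: defensive HTTP Range handling in plain Ruby (no Rack gem).
# Not the Rack project's code; MAX_RANGES and the demo resource are assumed.

MAX_RANGES = 8  # assumed cap; tune for your workload

# Parse a "bytes=..." header for a resource of `size` bytes.
# Returns an Array of [first, last] pairs, or one of the symbols
#   :invalid        syntactically bad (RFC 9110 says ignore the header)
#   :unsatisfiable  no range overlaps the resource (answer 416)
#   :abusive        too many ranges, or ranges that overlap each other
def parse_byte_ranges(header, size, max_ranges: MAX_RANGES)
  return :invalid unless header.is_a?(String) && header.start_with?("bytes=")
  return :unsatisfiable if size <= 0
  specs = header.delete_prefix("bytes=").split(",", -1).map(&:strip)
  return :invalid if specs.empty? || specs.any?(&:empty?)
  return :abusive if specs.length > max_ranges

  ranges = []
  specs.each do |spec|
    m = /\A(\d*)-(\d*)\z/.match(spec)
    return :invalid if m.nil? || (m[1].empty? && m[2].empty?)
    if m[1].empty?                       # suffix form "-N": last N bytes
      n = m[2].to_i
      next if n.zero?                    # "-0" is unsatisfiable; skip it
      ranges << [[size - n, 0].max, size - 1]
    else
      first = m[1].to_i
      return :invalid if !m[2].empty? && m[2].to_i < first  # e.g. "9-2"
      next if first >= size              # starts past the end; skip it
      last = m[2].empty? ? size - 1 : [m[2].to_i, size - 1].min
      ranges << [first, last]
    end
  end
  return :unsatisfiable if ranges.empty?

  # Overlapping ranges are how a tiny request becomes a huge response:
  # "bytes=0-,0-,0-,..." asks for the whole body once per spec. Refuse them,
  # so the served bytes can never exceed the resource size.
  ranges.sort.each_cons(2) { |a, b| return :abusive if b[0] <= a[1] }
  ranges
end

# Minimal Rack-style app: call(env) -> [status, headers, body]. Serves a
# constructed in-memory resource; a real app would wrap a file handler.
class RangedResource
  BODY = ("0123456789" * 10).freeze  # constructed 100-byte resource

  def call(env)
    size = BODY.bytesize
    header = env["HTTP_RANGE"]
    return [200, { "content-length" => size.to_s }, [BODY]] if header.nil?

    case (ranges = parse_byte_ranges(header, size))
    when :invalid       then [400, {}, ["bad Range header\n"]]
    when :abusive       then [400, {}, ["too many or overlapping ranges\n"]]
    when :unsatisfiable then [416, { "content-range" => "bytes */#{size}" }, []]
    else
      if ranges.length == 1
        f, l = ranges[0]
        [206, { "content-range" => "bytes #{f}-#{l}/#{size}" }, [BODY[f..l]]]
      else
        boundary = "guard"  # fixed boundary is fine for an offline demo
        parts = ranges.map do |f, l|
          "--#{boundary}\r\ncontent-range: bytes #{f}-#{l}/#{size}\r\n\r\n#{BODY[f..l]}\r\n"
        end
        [206, { "content-type" => "multipart/byteranges; boundary=#{boundary}" },
         [parts.join + "--#{boundary}--\r\n"]]
      end
    end
  end
end

# Run one request and return [status, bytes actually sent].
def probe(range_header)
  env = range_header.nil? ? {} : { "HTTP_RANGE" => range_header }
  status, _headers, body = RangedResource.new.call(env)
  [status, body.sum(&:bytesize)]
end

if $PROGRAM_NAME == __FILE__
  puts probe("bytes=0-9").inspect                               # one range, 10 bytes
  puts probe("bytes=" + Array.new(200, "0-").join(",")).inspect # refused, not 20 KB
end
```

With this in front of a file handler, the worst a single request can cost is one copy of the resource plus the multipart framing, regardless of how many range specs the client sends; without the overlap and count checks, `bytes=0-,0-,0-,...` would be served once per spec.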
SUSE CVE-2014-3609
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."...
SUSE CVE-2022-39958
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...
PT-2022-20452 · Vapor · Vapor
Name of the Vulnerable Software and Affected Versions: Vapor versions prior to 4.60.3 Description: Vapor is an HTTP web framework for Swift. Users with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. This issue can be triggered by invalid...
CVE-2021-37253
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges in HTTP requests with crafted Range or Request-Range headers. NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application...
Design/Logic Flaw
DISPUTED M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges in HTTP requests with crafted Range or Request-Range headers. NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web...
Polipo buffer error vulnerability
Polipo is a small proxy server. Polipo suffers from a buffer error vulnerability, a heap-based buffer overflow reachable during parsing of Range headers when built with NDEBUG. Note: this vulnerability only affects products that are no longer supported by the maintainer...
Appweb Null Pointer Dereference Vulnerability
Appweb is a web server for embedded applications. Appweb suffers from a null pointer dereference vulnerability. The vulnerability stems from the fact that Appweb, which supports CGI, does not properly handle HTTP requests with a Range header that lacks an exact range. An attacker could exploit th...