79 matches found

OSV
added 2024/06/17 1:12 p.m. · 2 views

USN-6837-1 ruby-rack vulnerabilities

It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. CVE-2023-27530 It was discovered that Rack incorrectly parsed certain...

CVSS 7.5 · AI score 6.6 · EPSS 0.35376
Exploits 2 · References 5
Ubuntu
added 2024/06/17 1:12 p.m. · 49 views

USN-6837-1: Rack vulnerabilities

It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. CVE-2023-27530 It was discovered that Rack incorrectly parsed certain...

CVSS 7.5 · AI score 6.5 · EPSS 0.35376
Exploits 2
Debian
added 2024/04/29 9:44 a.m. · 21 views

[SECURITY] [DLA 3800-1] ruby-rack security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3800-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 29, 2024 https://wiki.debian.org/LTS -...

CVSS 7.5 · AI score 6.4 · EPSS 0.35376
Exploits 2
OSV
added 2024/04/12 8:45 p.m. · 9 views

MGASA-2024-0123 Updated ruby-rack packages fix security vulnerabilities

Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...

CVSS 7.5 · AI score 6.5 · EPSS 0.35376
Exploits 2 · References 2
Mageia
added 2024/04/12 8:45 p.m. · 66 views

Updated ruby-rack packages fix security vulnerabilities

Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...

CVSS 7.5 · AI score 7.1 · EPSS 0.35376
Exploits 2 · References 1
Veracode
added 2024/02/29 6:31 a.m. · 26 views

Denial Of Service (DoS)

Rack is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of Range headers, allowing an attacker to craft headers in a way that results in an unexpectedly large response, which can result in Denial of Service DoS...

CVSS 7.5 · AI score 6.9 · EPSS 0.01612
Exploits 1 · References 8 · Affected Software 2
NVD
added 2024/02/29 12:15 a.m. · 27 views

CVE-2024-26141

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

CVSS 7.5 · AI score 5.3 · EPSS 0.01612
Exploits 1 · References 7
UbuntuCve
added 2024/02/29 12:15 a.m. · 23 views

CVE-2024-26141

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

CVSS 7.5 · AI score 6.6 · EPSS 0.01612
Exploits 1 · References 6
OSV
added 2024/02/29 12:15 a.m. · 2 views

UBUNTU-CVE-2024-26141

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

CVSS 7.5 · AI score 6.6 · EPSS 0.01612
Exploits 1 · References 7
Debian CVE
added 2024/02/28 11:28 p.m. · 30 views

CVE-2024-26141

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

CVSS 7.5 · AI score 6 · EPSS 0.01612
Exploits 1
OSV
added 2024/02/28 11:28 p.m. · 28 views

CVE-2024-26141 Possible DoS Vulnerability with Range Header in Rack

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

CVSS 5.8 · AI score 5.8 · EPSS 0.01612
Exploits 1 · References 9
SUSE CVE
added 2023/02/15 5:51 a.m. · 10 views

SUSE CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

CVSS 7.8 · AI score 8.8 · EPSS 0.98945
Exploits 17 · References 20
SUSE CVE
added 2023/02/15 5:28 a.m. · 2 views

SUSE CVE-2014-3609

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service crash via a request with crafted "Range headers with unidentifiable byte-range values."...

CVSS 5 · AI score 6.8 · EPSS 0.5622
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 3:23 a.m. · 4 views

SUSE CVE-2022-39958

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

CVSS 7.5 · AI score 7.5 · EPSS 0.00953
Exploits 0 · References 3
Positive Technologies
added 2022/05/31 12:00 a.m. · 4 views

PT-2022-20452 · Vapor · Vapor

Name of the Vulnerable Software and Affected Versions: Vapor versions prior to 4.60.3 Description: Vapor is an HTTP web framework for Swift. Users with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. This issue can be triggered by invalid...

CVSS 7.5 · AI score 7.5 · EPSS 0.0189
Exploits 1 · References 9
OSV
added 2021/12/05 9:15 p.m. · 4 views

CVE-2021-37253

M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges in HTTP requests with crafted Range or Request-Range headers. NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application...

CVSS 7.5 · AI score 7.1 · EPSS 0.02837
Exploits 3 · References 6
Prion
added 2021/12/05 9:15 p.m. · 18 views

Design/Logic Flaw

DISPUTED M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges in HTTP requests with crafted Range or Request-Range headers. NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web...

CVSS 7.8 · AI score 7.5 · EPSS 0.02837
Exploits 3 · References 6 · Affected Software 1
Vulnrichment
added 2021/12/05 8:28 p.m. · 17 views

CVE-2021-37253

M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges in HTTP requests with crafted Range or Request-Range headers. NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application...

AI score 6.8 · EPSS 0.02837
Exploits 3 · References 6
CNNVD
added 2021/08/12 12:00 a.m. · 4 views

Polipo Buffer Error Vulnerability

Polipo is a small proxy server software. Polipo suffers from a buffer error vulnerability that stems from a heap-based buffer overflow allowed during parsing of Range headers when NDEBUG is used. Note: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 7.5 · AI score 7.6 · EPSS 0.01193
Exploits 1 · References 1
CNVD
added 2020/07/14 12:00 a.m. · 2 views

Appweb Null Pointer Dereference Vulnerability

Appweb is a web server for embedded applications. Appweb suffers from a null pointer dereference vulnerability. The vulnerability stems from the fact that Appweb, which supports CGI, does not properly handle HTTP requests with a Range header that lacks an exact range. An attacker could exploit th...

CVSS 7.5 · AI score 6.7 · EPSS 0.01328
Exploits 0 · References 1