Design/Logic Flaw
The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache...
CVE-2012-2671
The Rack::Cache rubygem (versions 0.3.0–1.1) caches Set-Cookie and other sensitive headers, enabling an attacker to obtain cookie data and potentially hijack web sessions by accessing the cache. Public details across NVD/OSV/GHSA entries confirm the issue; no remediation version is specified in t...
CVE-2012-2671
The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache...
[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-8.fc15
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-2.fc17
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
[SECURITY] Fedora 15 Update: rubygem-activerecord-3.0.5-3.fc15
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Fedora Update for rubygem-actionpack FEDORA-2012-8883
Check for the Version of rubygem-actionpack OpenVAS Vulnerability Test Fedora Update for rubygem-actionpack FEDORA-2012-8883 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for rubygem-actionpack FEDORA-2012-8883
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 17 : rubygem-actionpack-3.0.11-4.fc17 (2012-8868)
Fix for CVE-2012-2660. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
Fedora 16 : rubygem-actionpack-3.0.10-6.fc16 (2012-8883)
Fix for CVE-2012-2660. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity (XXE) flaw
Nokogiri before 1.5.4 is vulnerable to XXE attacks...
rack-cache Rubygem Sensitive HTTP Header Caching Weakness
Rack::Cache (rack-cache) contains a flaw related to the rubygem caching sensitive HTTP headers. This will result in a weakness that may make it easier for an attacker to gain access to a user's session via a specially crafted header...
Fedora 17 : rubygem-rack-cache-1.2-1.fc17 (2012-8439)
Updated to rack-cache 1.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenab...
[SECURITY] Fedora 17 Update: rubygem-rack-cache-1.2-1.fc17
Rack::Cache is suitable as a quick drop-in component to enable HTTP caching for Rack-based applications that produce freshness (Expires, Cache-Control) and/or validation (Last-Modified, ETag) information...
CVE-2012-2660 rubygem-actionpack: Unsafe query generation
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
rubygem-activerecord -- multiple vulnerabilities
rubygem-activerecord -- multiple vulnerabilities. Due to the way Active Record interprets parameters in combination with the way that Rack parses query parameters, it is possible for an attacker to issue unexpected database queries with "IS NULL" where clauses. This issue does not let an attacker...
FreeBSD Ports: rubygem-mail
The remote host is missing an update to the system as announced in the referenced advisory. VID 3d55b961-9a2e-11e1-a2ef-001fd0af1a4c OpenVAS Vulnerability Test $ Description: Auto generated from VID 3d55b961-9a2e-11e1-a2ef-001fd0af1a4c Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
FreeBSD Ports: rubygem-mail
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 17 : rubygem-actionmailer-3.0.11-2.fc17 / rubygem-mail-2.4.4-1.fc17 (2012-7619)
Update to Mail 2.4.4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...