EUVD-1999-1503

Malware in sbrugna...

Regular Expression Denial Of Service (ReDoS)

rexml is vulnerable to a Regular Expression Denial of Service ReDoS vulnerability. The vulnerability is due to inefficient regular expression handling when parsing XML inputs that contain a large number of digits in hex numeric character references &x...;, allows an attacker to craft inputs that...

Medium: ruby

Issue Overview: A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of...

CVE-1999-1522

Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML. Public details on affected versions, root cause, impact and fixes are not provided in the connected documents.

Roxen security alert: Problems with URLs containing null characters.

Roxen 2.0 up to version 2.0.68 has a vulnerability where using URLs containing null characters can gain the browser access to information he is not authorized to: Directory listings in directories with index files In normal filesystems: the sourcecode for RXML files, Pike scripts, CGIs etc...