595 matches found
ruby: WEBrick CGI source disclosure
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing 1 + plus, 2 %2b encode...
ruby: WEBrick DoS vulnerability (CPU consumption)
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...
ruby: HTTP response splitting in WEBrick
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...
GHSA-3JFP-46X4-XGFJ yard: Possible arbitrary path traversal and file access via yard server
Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...
ruby: WEBrick DoS vulnerability (CPU consumption)
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...
ruby: HTTP response splitting in WEBrick
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...
ruby: WEBrick CGI source disclosure
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing 1 + plus, 2 %2b encode...
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...
ruby: Potential HTTP request smuggling in WEBrick
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...
ruby: WEBrick CGI source disclosure
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing 1 + plus, 2 %2b encode...
ruby: WEBrick DoS vulnerability (CPU consumption)
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...
ruby: Potential HTTP request smuggling in WEBrick
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...
ruby: HTTP response splitting in WEBrick
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...
Security Bulletin: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability (ZDI-CAN-21876), affects watsonx.data
Summary Ruby WEBrick is vulnerable to HTTP request smuggling via the readheader method due to inconsistent parsing of HTTP header terminators. Exploitation is possible when deployed behind certain HTTP proxies, allowing attackers to smuggle arbitrary HTTP requests. This can affect watsonx.data...
NewStart CGSL MAIN 6.06 (SP) : ruby Multiple Vulnerabilities (NS-SA-2026-0023)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has ruby packages installed that are affected by multiple vulnerabilities: - CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
Astra Linux – Vulnerability in ruby-webrick
Ruby WEBrick’s readheaders method exposes a vulnerability related to HTTP request smuggling. This vulnerability allows remote attackers to inject arbitrary HTTP requests into affected installations of Ruby WEBrick. This issue becomes exploitable when the product is deployed behind an HTTP proxy...
MiracleLinux 8 : ruby:2.7 (AXSA:2021-2391:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2391:01 advisory. ruby: Potential HTTP request smuggling in WEBrick CVE-2020-25613 ruby: XML round-trip vulnerability in REXML CVE-2021-28965 Tenable has extracted th...
MiracleLinux 7 : rh-ruby25-ruby-2.5.9-9.el7 (AXSA:2021-1762:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1762:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 ruby: Regular expression denial of service vulnerability of...