History: Nov 20, 2019 - 12:00 a.m.

CVE-2019-16201

Source: ubuntu.com

Tags: webrick, httpauth, digestauth, ruby, cve-2019-16201, denial of service, regular expression, looping, backtracking, webrick server, internet, untrusted network, unix

CVSS2

Score: 7.8
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

Score: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Score: 0.007
Percentile: 79.7%

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6,
and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by
looping/backtracking. A victim must expose a WEBrick server that uses
DigestAuth to the Internet or an untrusted network.

OS      OS Version  Architecture  Package  Package Version                        Filename
ubuntu  18.04       noarch        jruby    < any                                  UNKNOWN
ubuntu  20.04       noarch        jruby    < any                                  UNKNOWN
ubuntu  24.04       noarch        jruby    < any                                  UNKNOWN
ubuntu  14.04       noarch        jruby    < 1.5.6-9+deb8u2build0.14.04.1~esm2    UNKNOWN
ubuntu  16.04       noarch        jruby    < any                                  UNKNOWN
ubuntu  16.04       noarch        ruby2.3  < 2.3.1-2~ubuntu16.04.14               UNKNOWN
ubuntu  18.04       noarch        ruby2.5  < 2.5.1-1ubuntu1.6                     UNKNOWN
ubuntu  19.04       noarch        ruby2.5  < 2.5.5-1ubuntu1.1                     UNKNOWN
ubuntu  19.10       noarch        ruby2.5  < 2.5.5-4ubuntu2.1                     UNKNOWN
