Regular Expression Denial Of Service (ReDoS)

🗓️ 18 Oct 2019 06:36:36Reported by Veracode Vulnerability DatabaseType

veracode

veracode🔗 sca.analysiscenter.veracode.com👁 31 Views

Webrick vulnerable to ReDoS attack through Authorization heade

Reporter	Title	Published	Views	Family All 174
Tenable Nessus	Amazon Linux 2 : ruby (ALAS-2024-2486)	5 Mar 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : ruby (ALASRUBY2.6-2023-007)	27 Sep 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ruby24 (ALAS-2020-1422)	31 Aug 202000:00	–	nessus
Tenable Nessus	AlmaLinux 8 : ruby:2.6 (ALSA-2021:2588)	7 Aug 202300:00	–	nessus
Tenable Nessus	CentOS 8 : ruby:2.5 (CESA-2021:2587)	29 Jun 202100:00	–	nessus
Tenable Nessus	CentOS 8 : ruby:2.6 (CESA-2021:2588)	29 Jun 202100:00	–	nessus
Tenable Nessus	Debian DLA-2007-1 : ruby2.1 security update	26 Nov 201900:00	–	nessus
Tenable Nessus	Debian DLA-2027-1 : jruby security update	12 Dec 201900:00	–	nessus
Tenable Nessus	Debian DLA-2330-1 : jruby security update	18 Aug 202000:00	–	nessus
Tenable Nessus	Debian dla-3408 : jruby - security update	1 May 202300:00	–	nessus

Vulners

Node

eoan eoanMatch2.5.5-4ubuntu2debian

AND

debian debian_linux

OR

google bionicMatch2.5.1-1ubuntu1debian

AND

debian debian_linux

OR

xenial xenialMatch2.3.0-5ubuntu1debian

AND

debian debian_linux

OR

ruby rubyMatch2.4.6-r0ruby

AND

alpinelinux alpine_linuxMatch3.7

OR

jruby jrubyMatch1.7.26-1+deb9u1debian

AND

debian debian_linuxMatch9

OR

jruby jrubyMatch9.1.17.0-3debian

AND

debian debian_linuxMatch999

OR

ruby-lang webrickRange1.4.0.beta1–1.4.2ruby

OR

rh-ruby25-ruby rh-ruby25-rubyMatch2.5.5_7.el7

OR

rh-ruby25-ruby rh-ruby25-rubyMatch2.5.0_5.el7

OR

rh-ruby25-ruby rh-ruby25-rubyMatch2.5.3_6.el7

OR

rh-ruby26-ruby rh-ruby26-rubyMatch2.6.2_118.el7

OR

ruby rubyMatch1.8.5_5.el5

OR

ruby rubyMatch2.4.9_93.el7cf

OR

ruby rubyMatch1.8.7.352_13.el6

OR

ruby rubyMatch1.8.5_19.el5_6.1

OR

ruby rubyMatch1.8.5_31.el5_9

OR

ruby rubyMatch1.8.7.352_6.el6

OR

ruby rubyMatch1.8.5_5.el5_2.6

OR

ruby rubyMatch1.8.7.352_12.el6_4

OR

ruby rubyMatch1.8.5_5.el5_4.8

OR

ruby rubyMatch1.8.5_5.el5_2.3

OR

ruby rubyMatch1.8.5_29.el5_9

OR

ruby rubyMatch2.0.0.648_36.el7

OR

ruby rubyMatch1.8.5_5.el5_3.7

OR

ruby rubyMatch1.8.7.352_7.el6_2

OR

ruby rubyMatch1.8.7.299_5.el6_0.1

OR

ruby rubyMatch1.8.5_22.el5_7.1

OR

ruby rubyMatch1.8.7.352_4.el6_2

OR

ruby rubyMatch2.4.6_91.el7cf

OR

ruby rubyMatch1.8.7.299_7.el6

OR

ruby rubyMatch2.4.5_90.el7cf

OR

ruby rubyMatch2.0.0.598_25.ael7b_1

OR

ruby rubyMatch1.8.5_5.el5_2.5

OR

ruby rubyMatch1.8.7.299_7.el6_1.1

OR

ruby rubyMatch1.8.5_27.el5

OR

ruby rubyMatch1.8.7.352_10.el6_4

OR

ruby rubyMatch1.8.7.299_4.el6

OR

ruby rubyMatch2.0.0.648_35.el7_6

OR

ruby rubyMatch1.8.7.352_3.el6

OR

ruby rubyMatch2.0.0.648_34.el7_6

OR

ruby rubyMatch1.8.7.374_4.el6_6

OR

ruby rubyMatch1.8.7.374_3.el6_6

OR

ruby rubyMatch1.8.5_5.el5_1.1

OR

ruby rubyMatch1.8.7.374_2.el6

OR

ruby rubyMatch1.8.7.374_5.el6

OR

ruby rubyMatch1.8.5_24.el5

OR

ruby rubyMatch2.0.0.648_39.el7_9

Source	Link
github	www.github.com/ruby/webrick/pull/31
ruby-lang	www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
seclists	www.seclists.org/bugtraq/2019/Dec/32
seclists	www.seclists.org/bugtraq/2019/Dec/31
lists	www.lists.debian.org/debian-lts-announce/2019/12/msg00009.html
lists	www.lists.debian.org/debian-lts-announce/2020/08/msg00027.html
lists	www.lists.debian.org/debian-lts-announce/2023/04/msg00033.html
debian	www.debian.org/security/2019/dsa-4587
security	www.security.gentoo.org/glsa/202003-06
hackerone	www.hackerone.com/reports/661722

01 May 2023 00:53Current

7.8High risk

Vulners AI Score7.8

CVSS 27.8

CVSS 3.17.5

EPSS0.00613

webrick redos authorization header attack authentication module