Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-3298.NASL
HistoryJan 31, 2023 - 12:00 a.m.

Debian DLA-3298-1 : ruby-rack - LTS security update

2023-01-3100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
debian 10
ruby-rack
lts
security update
directory traversal
information disclosure
cookies
validation
integrity check
cve-2020-8161
cve-2020-8184
cve-2022-44570

0.002 Low

EPSS

Percentile

64.5%

JSON

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3298 advisory.

  • A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. (CVE-2020-8161)

  • A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
    (CVE-2020-8184)

  • Aaron Patterson reports: (CVE-2022-44570, CVE-2022-44571, CVE-2022-44572)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3298. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(170885);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/05");

  script_cve_id(
    "CVE-2020-8161",
    "CVE-2020-8184",
    "CVE-2022-44570",
    "CVE-2022-44571",
    "CVE-2022-44572"
  );

  script_name(english:"Debian DLA-3298-1 : ruby-rack - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the
dla-3298 advisory.

  - A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory
    traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in
    information disclosure. (CVE-2020-8161)

  - A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3,
    rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
    (CVE-2020-8184)

  - Aaron Patterson reports: (CVE-2022-44570, CVE-2022-44571, CVE-2022-44572)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/ruby-rack");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2023/dla-3298");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-8161");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-8184");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-44570");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-44571");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-44572");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/ruby-rack");
  script_set_attribute(attribute:"solution", value:
"Upgrade the ruby-rack packages.

For Debian 10 buster, these problems have been fixed in version 2.0.6-3+deb10u2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8184");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-8161");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-rack");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(10)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '10.0', 'prefix': 'ruby-rack', 'reference': '2.0.6-3+deb10u2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby-rack');
}
VendorProductVersionCPE
debiandebian_linuxruby-rackp-cpe:/a:debian:debian_linux:ruby-rack
debiandebian_linux10.0cpe:/o:debian:debian_linux:10.0

Related

osv 21
openvas 18
debian 4
nessus 32
freebsd 1
ubuntu 4
redos 1
mageia 3
suse 3
prion 6
debiancve 6
hackerone 5
veracode 5
nvd 6
cvelist 6
github 6
redhatcve 6
cve 6
ubuntucve 6
ibm 2
rubygems 5
alpinelinux 1
f5 1
friendsofphp 2
amazon 1
redhat 2
rocky 1
osv
osv
ruby-rack - security update
2023-01-31 00:00:00
ruby-rack vulnerabilities
2023-03-02 17:43:56
ruby-rack - security update
2020-07-10 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3298-1)
2023-01-31 00:00:00
Ubuntu: Security Advisory (USN-5910-1)
2023-03-03 00:00:00
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:0276-1)
2024-03-04 00:00:00
debian
debian
[SECURITY] [DLA 3298-1] ruby-rack security update
2023-01-30 21:54:32
[SECURITY] [DLA 2275-1] ruby-rack security update
2020-07-10 19:56:49
[SECURITY] [DSA 5530-1] ruby-rack security update
2023-10-22 12:35:21
nessus
nessus
FreeBSD : rack -- Multiple vulnerabilities (95176ba5-9796-11ed-bfbf-080027f5fec9)
2023-01-19 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Rack vulnerabilities (USN-5910-1)
2023-03-04 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2023:0276-1)
2023-02-07 00:00:00
freebsd
freebsd
rack -- Multiple vulnerabilities
2023-01-17 00:00:00
ubuntu
ubuntu
Rack vulnerabilities
2023-03-02 00:00:00
Rack vulnerabilities
2020-09-30 00:00:00
Rack vulnerabilities
2021-04-06 00:00:00
redos
redos
ROS-20240403-12
2024-04-03 00:00:00
mageia
mageia
Updated ruby-rack packages fix security vulnerability
2023-03-24 08:55:49
Updated ruby-rack packages fix security vulnerability
2020-08-01 02:25:42
Updated ruby-rack packages fix security vulnerability
2020-06-11 01:57:01
suse
suse
Security update for rubygem-rack (moderate)
2022-09-23 00:00:00
Security update for rmt-server (important)
2020-11-23 00:00:00
Security update for rmt-server (important)
2020-11-21 00:00:00
prion
prion
Denial of service
2023-02-09 20:15:00
Denial of service
2023-02-09 20:15:00
Denial of service
2023-02-09 20:15:00
debiancve
debiancve
CVE-2022-44571
2023-02-09 20:15:11
CVE-2022-44572
2023-02-09 20:15:11
CVE-2022-44570
2023-02-09 20:15:11
hackerone
hackerone
Internet Bug Bounty: [CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing
2023-06-04 07:06:53
Internet Bug Bounty: [CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing
2023-06-04 07:40:02
Internet Bug Bounty: [CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing
2023-06-04 07:16:37
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-01-19 02:08:09
Regular Expression Denial Of Service (ReDoS)
2023-01-25 03:22:15
Regular Expression Denial Of Service(ReDoS)
2023-01-25 02:40:54
nvd
nvd
CVE-2022-44570
2023-02-09 20:15:11
CVE-2022-44571
2023-02-09 20:15:11
CVE-2022-44572
2023-02-09 20:15:11
cvelist
cvelist
CVE-2022-44570
2023-02-09 00:00:00
CVE-2022-44572
2023-02-09 00:00:00
CVE-2022-44571
2023-02-09 00:00:00
github
github
Denial of service via multipart parsing in Rack
2023-01-18 18:19:21
Denial of service via header parsing in Rack
2023-01-18 18:19:33
Denial of Service Vulnerability in Rack Content-Disposition parsing
2023-01-18 18:24:40
redhatcve
redhatcve
CVE-2022-44571
2023-01-26 10:01:14
CVE-2022-44572
2023-01-26 10:06:11
CVE-2022-44570
2023-01-26 10:06:11
cve
cve
CVE-2022-44570
2023-02-09 20:15:11
CVE-2022-44572
2023-02-09 20:15:11
CVE-2022-44571
2023-02-09 20:15:11
ubuntucve
ubuntucve
CVE-2022-44570
2023-02-09 00:00:00
CVE-2022-44572
2023-02-09 00:00:00
CVE-2022-44571
2023-02-09 00:00:00
ibm
ibm
Security Bulletin: Aspera on Cloud CVE-2020-8184
2020-09-28 20:47:48
Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9.
2020-10-01 13:30:25
rubygems
rubygems
Denial of service via multipart parsing in Rack
2023-01-17 21:00:00
Denial of service via header parsing in Rack
2023-01-17 21:00:00
Denial of Service Vulnerability in Rack Content-Disposition parsing
2023-01-17 21:00:00
alpinelinux
alpinelinux
CVE-2020-7070
2020-10-02 15:15:12
f5
f5
K11435435 : PHP vulnerability CVE-2020-7070
2020-10-22 00:00:00
friendsofphp
friendsofphp
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
2022-08-20 11:11:00
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
2022-08-20 11:11:00
amazon
amazon
Medium: php72, php73
2020-10-26 18:16:00
redhat
redhat
(RHSA-2023:6818) Important: Satellite 6.14 security and bug fix update
2023-11-08 14:10:25
(RHSA-2020:4366) Important: Satellite 6.8 release
2020-10-27 12:45:25
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57

0.002 Low

EPSS

Percentile

64.5%

JSON
Related for DEBIAN_DLA-3298.NASL
osv21openvas18debian4nessus32freebsd1ubuntu4redos1mageia3suse3prion6debiancve6hackerone5veracode5nvd6cvelist6github6redhatcve6cve6ubuntucve6ibm2rubygems5alpinelinux1f51friendsofphp2amazon1redhat2rocky1