Lucene search
Veracode Vulnerability DatabaseVERACODE:21737HistoryOct 18, 2019 - 6:36 a.m.
Regular Expression Denial Of Service (ReDoS)
2019-10-1806:36:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
EPSS
0.007
Percentile
79.7%
webrick is vulenrable to regex denial of service (ReDoS). An attacker is able to crash the application by submitting malicious strings within the Authorization header to the authentication module.
References
github.com/ruby/webrick/pull/31
hackerone.com/reports/661722
lists.debian.org/debian-lts-announce/2019/11/msg00025.html
lists.debian.org/debian-lts-announce/2019/12/msg00009.html
seclists.org/bugtraq/2019/Dec/31
seclists.org/bugtraq/2019/Dec/32
www.debian.org/security/2019/dsa-4587
www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
Related
cbl_mariner
cbl_mariner
CVE-2019-16201 affecting package ruby 2.6.3-3
2021-06-09 03:50:37
nvd
nvd
CVE-2019-16201
2019-11-26 18:15:15
debiancve
debiancve
CVE-2019-16201
2019-11-26 18:15:15
prion
prion
Code injection
2019-11-26 18:15:00
ubuntucve
ubuntucve
CVE-2019-16201
2019-11-20 00:00:00
alpinelinux
alpinelinux
CVE-2019-16201
2019-11-26 18:15:15
osv
osv
CVE-2019-16201
2019-11-26 18:15:15
ruby2.3 - security update
2019-12-17 00:00:00
ruby2.1 - security update
2019-11-25 00:00:00
cvelist
cvelist
CVE-2019-16201
2019-11-26 00:00:00
cve
cve
CVE-2019-16201
2019-11-26 18:15:15
redhatcve
redhatcve
CVE-2019-16201
2020-03-21 08:11:44
rubygems
rubygems
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1615)
2020-06-03 00:00:00
Debian: Security Advisory (DSA-4587-1)
2019-12-18 00:00:00
Mageia: Security Advisory (MGASA-2019-0408)
2022-01-28 00:00:00
nessus
nessus
Photon OS 2.0: Ruby PHSA-2019-2.0-0196
2020-01-16 00:00:00
EulerOS 2.0 SP5 : ruby (EulerOS-SA-2020-1615)
2020-06-02 00:00:00
Photon OS 1.0: Ruby PHSA-2019-1.0-0263
2020-01-16 00:00:00
debian
debian
[SECURITY] [DSA 4587-1] ruby2.3 security update
2019-12-17 09:56:14
[SECURITY] [DSA 4586-1] ruby2.5 security update
2019-12-17 09:37:05
[SECURITY] [DLA 2027-1] jruby security update
2019-12-10 12:43:11
freebsd
freebsd
ruby -- multiple vulnerabilities
2019-10-01 00:00:00
gentoo
gentoo
Ruby: Multiple vulnerabilities
2020-03-13 00:00:00
symantec
symantec
Ruby Multiple Security Vulnerabilities
2019-10-01 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2019-11-26 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2019-12-25 22:08:41
Updated jruby packages fix security vulnerabilities
2020-11-27 23:14:57
cloudfoundry
cloudfoundry
USN-4201-1: Ruby vulnerabilities | Cloud Foundry
2019-12-05 00:00:00
archlinux
archlinux
[ASA-201910-2] ruby: multiple issues
2019-10-02 00:00:00
[ASA-201910-5] ruby2.5: multiple issues
2019-10-02 00:00:00
amazon
amazon
Important: ruby
2024-02-29 10:03:00
Important: ruby24
2020-08-26 23:09:00
suse
suse
Recommended update for ruby2.5 (important)
2020-03-28 00:00:00
photon
photon
rocky
rocky
ruby:2.5 security, bug fix, and enhancement update
2021-06-29 13:58:20
ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
redhat
redhat
oraclelinux
oraclelinux
ruby:2.5 security, bug fix, and enhancement update
2021-07-02 00:00:00
ruby:2.6 security, bug fix, and enhancement update
2021-07-07 00:00:00
almalinux
almalinux
Moderate: ruby:2.5 security, bug fix, and enhancement update
2021-06-29 13:58:20
Moderate: ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00