Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-16201 - log back

CVE-2019-16201 edited at 02 Oct 2019 12:14:40

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Denial of service

Description

+	It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access authentication module. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service.

References

+	https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/

Notes

CVE-2019-16201 created at 02 Oct 2019 11:37:12