QwikSec

Security Database

CVE

CWE

Training

CVE-2019-16201

Published: Nov 26, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://hackerone.com/reports/661722

https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html

[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update

mailing-list

20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update

mailing-list

20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update

mailing-list

vendor-advisory

https://www.oracle.com/security-alerts/cpujan2020.html

vendor-advisory

openSUSE-SU-2020:0395

vendor-advisory

[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update

mailing-list

[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.