VYPR

rpm package

suse/rubygem-passenger&distro=SUSE Studio Onsite 1.3

pkg:rpm/suse/rubygem-passenger&distro=SUSE%20Studio%20Onsite%201.3

Vulnerabilities (4)

  • CVE-2016-10345HigApr 18, 2017
    affected < 3.0.14-0.17.1fixed 3.0.14-0.17.1

    In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

  • CVE-2015-7519LowJan 8, 2016
    affected < 3.0.14-0.14.1fixed 3.0.14-0.14.1

    agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) chara

  • CVE-2013-2119Jan 3, 2014
    affected < 3.0.14-0.14.1fixed 3.0.14-0.14.1

    Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the ge

  • CVE-2013-4136Sep 30, 2013
    affected < 3.0.14-0.14.1fixed 3.0.14-0.14.1

    ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.