rpm package
suse/rubygem-passenger&distro=SUSE WebYast 1.3
pkg:rpm/suse/rubygem-passenger&distro=SUSE%20WebYast%201.3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-10345 | High | 7.8 | | < 3.0.14-0.17.1 | 3.0.14-0.17.1 | Apr 18, 2017 | In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. |
| CVE-2015-7519 | Low | 3.7 | | < 3.0.14-0.14.1 | 3.0.14-0.14.1 | Jan 8, 2016 | agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) chara |
| CVE-2013-2119 | — | | | < 3.0.14-0.14.1 | 3.0.14-0.14.1 | Jan 3, 2014 | Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the ge |
| CVE-2013-4136 | — | | | < 3.0.14-0.14.1 | 3.0.14-0.14.1 | Sep 30, 2013 | ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. |