A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6818 advisory.

  - kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)

  - openssl: c_rehash script allows command injection (CVE-2022-1292)

  - openssl: the c_rehash script allows command injection (CVE-2022-2068)

  - Pulp:Tokens stored in plaintext (CVE-2022-3644)

  - foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)

  - satellite: Blind SSRF via Referer header (CVE-2022-4130)

  - python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious     web server (CVE-2022-40899)

  - golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

  - rubygem-activerecord: Denial of Service (CVE-2022-44566)

  - rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44570, CVE-2022-44571,     CVE-2022-44572)

  - ruby-git: code injection vulnerability (CVE-2022-46648, CVE-2022-47318)

  - Foreman: Arbitrary code execution through templates (CVE-2023-0118)

  - Foreman: Stored cross-site scripting in host tab (CVE-2023-0119)

  - puppet: Puppet Server ReDoS (CVE-2023-1894)

  - rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22792, CVE-2023-22795)

  - rubygem-activerecord: SQL Injection (CVE-2023-22794)

  - rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)

  - rubygem-globalid: ReDoS vulnerability (CVE-2023-22799)

  - rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

  - rubygem-rack: denial of service in header parsing (CVE-2023-27539)

  - golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

  - sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of     Service) (CVE-2023-30608)

  - python-django: Potential bypass of validation when uploading multiple files using one form field     (CVE-2023-31047)

  - python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

  - python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator     (CVE-2023-36053)

  - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)     (CVE-2023-39325)

  - GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)

  - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)     (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:3082 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:6818 advisory.

  - A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for     Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure     custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE).
    Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle     attacks (MITM). (CVE-2022-0759)

  - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This     script is distributed by some operating systems in a manner where it is automatically executed. On such     operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of     the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.
    Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).
    Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)

  - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances     where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection     were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other     places in the script where the file names of certificates being hashed were possibly passed to a command     executed through the shell. This script is distributed by some operating systems in a manner where it is     automatically executed. On such operating systems, an attacker could execute arbitrary commands with the     privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the     OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in     OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)

  - The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field     and exposes them in read/write mode via the API () instead of marking it as write only. (CVE-2022-3644)

  - A command injection flaw was found in foreman. This flaw allows an authenticated user with admin     privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations     in templates, possibly resulting in arbitrary command execution on the underlying operating system.
    (CVE-2022-3874)

  - An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial     of service via crafted Set-Cookie header from malicious web server. (CVE-2022-40899)

  - A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to     trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request     of specific resources in the server. (CVE-2022-4130)

  - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server     connections contain a cache of HTTP header keys sent by the client. While the total number of entries in     this cache is capped, an attacker sending very large keys can cause the server to allocate approximately     64 MiB per open connection. (CVE-2022-41717)

  - A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When     a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it     will treat the target column type as numeric. Comparing integer values against numeric values can result     in a slow sequential scan resulting in potential Denial of Service. (CVE-2022-44566)

  - A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully     crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time,     possibly resulting in a denial of service attack vector. Any applications that deal with Range requests     (such as streaming applications, or applications that serve files) may be impacted. (CVE-2022-44570)

  - There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in     2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-     Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial     ofservice attack vector. This header is used typically used in multipartparsing. Any applications that     parse multipart posts using Rack (virtuallyall Rails applications) are impacted. (CVE-2022-44571)

  - A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2,     2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary     parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack     vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are     impacted. (CVE-2022-44572)

  - ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby     code by having a user to load a repository containing a specially crafted filename to the product. This     vulnerability is different from CVE-2022-47318. (CVE-2022-46648)

  - ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby     code by having a user to load a repository containing a specially crafted filename to the product. This     vulnerability is different from CVE-2022-46648. (CVE-2022-47318)

  - An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode     in templates and execute arbitrary code on the underlying operating system. (CVE-2023-0118)

  - A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has     incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on     the system can steal another user's session, make requests on behalf of the user, and obtain user     credentials. (CVE-2023-0119)

  - A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate     validation. An issue related to specifically crafted certificate names significantly slowed down server     operations. (CVE-2023-1894)

  - A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1.
    Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the     regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use     large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected     release should either upgrade or use one of the workarounds immediately. (CVE-2023-22792)

  - A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments.
    If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query     method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the     database withinsufficient sanitization and be able to inject SQL outside of the comment. (CVE-2023-22794)

  - A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-     None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine     to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the     process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running     an affected release should either upgrade or use one of the workarounds immediately. (CVE-2023-22795)

  - A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted     string passed to the underscore method can cause the regular expression engine to enter a state of     catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a     possible DoS vulnerability. (CVE-2023-22796)

  - A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully     crafted input can cause the regular expression engine to take an unexpected amount of time. All users     running an affected release should either upgrade or use one of the workarounds immediately.
    (CVE-2023-22799)

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host     header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send     requests containing an invalid Request.Host or Request.URL.Host value. (CVE-2023-29406)

  - sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a     regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was     introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has     been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known     workarounds for this issue. (CVE-2023-30608)

  - In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation     when using one form field to upload multiple files. This multiple upload has never been supported by     forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's     Uploading multiple files documentation suggested otherwise. (CVE-2023-31047)

  - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to     destination servers when redirected to an HTTPS endpoint. This is a product of how we use     `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent     through the tunnel, the proxy will identify the header in the request itself and remove it prior to     forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must     be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in     Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious     actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
    (CVE-2023-32681)

  - In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are     subject to a potential ReDoS (regular expression denial of service) attack via a very large number of     domain name labels of emails and URLs. (CVE-2023-36053)

  - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive     server resource consumption. While the total number of requests is bounded by the     http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create     a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound     the number of simultaneously executing handler goroutines to the stream concurrency limit     (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client     has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows     too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2     for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per     HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the     Server.MaxConcurrentStreams setting and the ConfigureServer function. (CVE-2023-39325)

  - GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this     issue exists because of an incomplete fix for CVE-2022-24439. (CVE-2023-40267)

  - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation     can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

  - The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5530 advisory.

  - A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart     parsing component of Rack. (CVE-2022-30122)

  - A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a     possible shell escape in the Lint and CommonLogger components of Rack. (CVE-2022-30123)

  - A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully     crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time,     possibly resulting in a denial of service attack vector. Any applications that deal with Range requests     (such as streaming applications, or applications that serve files) may be impacted. (CVE-2022-44570)

  - There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in     2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-     Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial     ofservice attack vector. This header is used typically used in multipartparsing. Any applications that     parse multipart posts using Rack (virtuallyall Rails applications) are impacted. (CVE-2022-44571)

  - A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2,     2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary     parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack     vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are     impacted. (CVE-2022-44572)

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12595 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

  - It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat     Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package),     which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The     CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.
    (CVE-2023-2319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2781-1 advisory.

  - A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise     Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap     15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This     issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux     Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server     versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-     server versions prior to 2.10. (CVE-2022-31254)

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3403 advisory.

  - rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

  - rubygem-rack: denial of service in header parsing (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3082 advisory.

  - The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2304-1 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2294-1 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2295-1 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2652 advisory.

  - It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat     Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package),     which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The     CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.
    (CVE-2023-2319)

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2280-1 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3082 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3082 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3082 advisory.

  - rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

  - rubygem-rack: denial of service in header parsing (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2652 advisory.

  - It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat     Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package),     which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The     CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.
    (CVE-2023-2319)

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2652 advisory.

  - pcs: webpack: Regression of CVE-2023-28154 fixes in the Red Hat Enterprise Linux (CVE-2023-2319)

  - rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

  - rubygem-rack: denial of service in header parsing (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1961 advisory.

  - rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

  - rubygem-rack: denial of service in header parsing (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1981 advisory.

  - rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

  - rubygem-rack: denial of service in header parsing (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3392 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - ooooooo_q reports:              Carefully crafted input can cause header parsing in Rack             to     take an unexpected amount of time, possibly resulting             in a denial of service attack vector.
    Any applications             that parse headers using Rack (virtually all Rails             applications)     are impacted.            (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0725-1 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f0798a6a-bbdb-11ed-ba99-080027f5fec9 advisory.

  - Aaron Patterson reports:              The Multipart MIME parsing code in Rack limits the number     of file parts, but does not limit the total number of             parts that can be uploaded. Carefully     crafted requests can             abuse this and cause multipart parsing to take longer than     expected.            (CVE-2023-27530)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
194436	RHEL 8 : Satellite 6.14 (RHSA-2023:6818)	Nessus	Red Hat Local Security Checks	critical
190187	CentOS 8 : pcs (CESA-2023:3082)	Nessus	CentOS Local Security Checks	high
185473	Rocky Linux 8 : Satellite 6.14 (RLSA-2023:6818)	Nessus	Rocky Linux Local Security Checks	critical
183679	Debian DSA-5530-1 : ruby-rack - security update	Nessus	Debian Local Security Checks	critical
178685	Oracle Linux 9 : pcs (ELSA-2023-12595)	Nessus	Oracle Linux Local Security Checks	critical
177990	SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2023:2781-1)	Nessus	SuSE Local Security Checks	high
176538	RHEL 8 : pcs (RHSA-2023:3403)	Nessus	Red Hat Local Security Checks	high
176462	Oracle Linux 8 : pcs (ELSA-2023-3082)	Nessus	Oracle Linux Local Security Checks	high
176411	SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2304-1)	Nessus	SuSE Local Security Checks	high
176407	SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2294-1)	Nessus	SuSE Local Security Checks	high
176406	SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2023:2295-1)	Nessus	SuSE Local Security Checks	high
176396	Rocky Linux 9 : pcs (RLSA-2023:2652)	Nessus	Rocky Linux Local Security Checks	critical
176351	SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2280-1)	Nessus	SuSE Local Security Checks	high
176116	AlmaLinux 8 : pcs (ALSA-2023:3082)	Nessus	Alma Linux Local Security Checks	high
176081	Rocky Linux 8 : pcs (RLSA-2023:3082)	Nessus	Rocky Linux Local Security Checks	high
175875	RHEL 8 : pcs (RHSA-2023:3082)	Nessus	Red Hat Local Security Checks	high
175644	AlmaLinux 9 : pcs (ALSA-2023:2652)	Nessus	Alma Linux Local Security Checks	critical
175431	RHEL 9 : pcs (RHSA-2023:2652)	Nessus	Red Hat Local Security Checks	critical
174733	RHEL 8 : pcs (RHSA-2023:1961)	Nessus	Red Hat Local Security Checks	high
174728	RHEL 9 : pcs (RHSA-2023:1981)	Nessus	Red Hat Local Security Checks	high
174418	Debian DLA-3392-1 : ruby-rack - LTS security update	Nessus	Debian Local Security Checks	high
172563	SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2023:0725-1)	Nessus	SuSE Local Security Checks	high
172115	FreeBSD : rack -- possible DoS vulnerability in multipart MIME parsing (f0798a6a-bbdb-11ed-ba99-080027f5fec9)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2023-27530

high

Tenable Plugins

critical

high

critical

critical

critical

high

high

high

high

high

high

critical

high

high

high

high

critical

critical

high

high

high

high

high