Test Kennung:	1.3.6.1.4.1.25623.1.1.12.2025.7366.1
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu: Security Advisory (USN-7366-1)
Zusammenfassung:	The remote host is missing an update for the 'ruby-rack' package(s) announced via the USN-7366-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ruby-rack' package(s) announced via the USN-7366-1 advisory. Vulnerability Insight: Nhat Thai Do discovered that Rack incorrectly handled certain usernames. A remote attacker could possibly use this issue to perform CRLF injection. (CVE-2025-25184) Pham Quang Minh discovered that Rack incorrectly handled certain headers. A remote attacker could possibly use this issue to perform log injection. (CVE-2025-27111) Pham Quang Minh discovered that Rack did not properly handle relative file paths. A remote attacker could potentially exploit this to include local files that should have been inaccessible. (CVE-2025-27610) Affected Software/OS: 'ruby-rack' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2025-25184 Common Vulnerability Exposure (CVE) ID: CVE-2025-27111 Common Vulnerability Exposure (CVE) ID: CVE-2025-27610
Copyright	Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.