Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby Improper Authentication Vulnerability - CVE-2019-16201 - Vulnerability Database
Ruby

Ruby Improper Authentication Vulnerability - CVE-2019-16201

High
Reference: CVE-2019-16201
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-16201
Title: Ruby Improper Authentication Vulnerability
Overview:

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.