CVE-2019-16201 — HIGH (7.5)

Q: How severe is CVE-2019-16201?

CVE-2019-16201 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-16201?

Check the references section above for vendor advisories and patch information. Affected products include: Ruby-Lang Ruby, Debian Debian Linux.

Vulnerability Description

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ruby-Lang	Ruby	>= 2.4.0, <= 2.4.7
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2019-16201?

CVE-2019-16201 is a vulnerability with a CVSS score of 7.5 (HIGH). WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBri...

How severe is CVE-2019-16201?

CVE-2019-16201 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-16201?

Check the references section above for vendor advisories and patch information. Affected products include: Ruby-Lang Ruby, Debian Debian Linux.