This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summary | |
|---|---|
| CPE Name | cpe:/a:ruby-lang:ruby:1.8.5 |
| Detail | | | |
|---|---|---|---|
| Vendor | Ruby-Lang | First view | 2007-10-01 |
| Product | Ruby | Last view | 2008-12-08 |
| Version | 1.8.5 | Type | Application |
| Edition | | | |
| Language | | | |
| Update | | | |
| CPE Product | cpe:/a:ruby-lang:ruby | | |
Activity : Yearly
Related : CVE
| CVSS Score | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 7.8 | 2008-12-08 | CVE-2008-4310 | Network | Low | None Requ... |
| 5.8 | 2008-09-04 | CVE-2008-3905 | Network | Medium | None Requ... |
| 5 | 2008-08-14 | CVE-2008-3443 | Network | Low | None Requ... |
| 7.5 | 2008-08-12 | CVE-2008-3657 | Network | Low | None Requ... |
| 7.8 | 2008-08-12 | CVE-2008-3656 | Network | Low | None Requ... |
| 7.5 | 2008-08-12 | CVE-2008-3655 | Network | Low | None Requ... |
| 5 | 2008-04-18 | CVE-2008-1891 | Network | Low | None Requ... |
| 5 | 2007-11-13 | CVE-2007-5770 | Network | Low | None Requ... |
| 4.3 | 2007-10-01 | CVE-2007-5162 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (3) | CWE-399 | Resource Management Errors |
| 33% (3) | CWE-287 | Improper Authentication |
| 11% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 11% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 11% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:10738 | The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS... |
| oval:org.mitre.oval:def:11025 | The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) N... |
| oval:org.mitre.oval:def:9570 | The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 thro... |
| oval:org.mitre.oval:def:11602 | Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, an... |
| oval:org.mitre.oval:def:9682 | Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_v... |
| oval:org.mitre.oval:def:9793 | The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 thro... |
| oval:org.mitre.oval:def:10034 | resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.... |
| oval:org.mitre.oval:def:10250 | httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterpris... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 47800 | Ruby Regexp Engine (regex.c) Crafted Socket Request DoS |
| 47472 | Ruby dl Module DL.dlopen Arbitrary Library Access |
| 47471 | WEBrick in Ruby WEBrick::HTTP::DefaultFileHandler Crafted HTTP Request DoS |
| 47470 | Ruby Safe Level Multiple Function Restriction Bypass |
| 47469 | Ruby resolv.rb DNS Query ID Field Prediction Cache Poisoning |
| 44682 | WEBrick in Ruby URI Multiple Encoded Traversal Arbitrary File Access |
| 40773 | Ruby Multiple Net Modules Certificate commonName (CN) Field Verification Weak... |
Milw0rm Exploits
| Date | Description |
|---|---|
| 2008-08-13 | Ruby <= 1.9 (regex engine) Remote Socket Memory Leak Exploit |
Metasploit Exploits
| Date | Description |
|---|---|
| 2008-08-08 | Ruby WEBrick::HTTP::DefaultFileHandler DoS |










