Summary
Detail | | | |
---|---|---|---|
Vendor | Yukihiro Matsumoto | First view | 2004-10-20 |
Product | Ruby | Last view | 2006-12-06 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
5 | 2006-12-06 | CVE-2006-6303 | The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. |
5 | 2006-10-27 | CVE-2006-5467 | The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. |
6.4 | 2006-07-21 | CVE-2006-3694 | Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". |
5 | 2006-04-20 | CVE-2006-1931 | The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. |
7.5 | 2005-10-07 | CVE-2005-2337 | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). |
7.5 | 2005-06-20 | CVE-2005-1992 | The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. |
5 | 2005-03-01 | CVE-2004-0983 | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. |
2.1 | 2004-10-20 | CVE-2004-0755 | The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-399 | Resource Management Errors |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:11128 | The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly ... |
oval:org.mitre.oval:def:10268 | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote ... |
oval:org.mitre.oval:def:10819 | The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an inva... |
oval:org.mitre.oval:def:10564 | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-0... |
oval:org.mitre.oval:def:11100 | The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allo... |
oval:org.mitre.oval:def:9983 | Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attack... |
oval:org.mitre.oval:def:10185 | The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial... |
oval:org.mitre.oval:def:10529 | The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not proper... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
34238 | Ruby cgi.rb read_multipart Function Crafted HTTP Request DoS |
34237 | Ruby cgi.rb Crafted HTTP Request DoS |
27145 | Ruby Directory Operations Safe Level Security Bypass |
27144 | Ruby alias Function Safe Level Security Bypass |
24972 | Ruby HTTP/XMLRPC Blocking Sockets DoS |
19610 | Ruby eval.c safe_level Restriction Bypass |
17407 | Ruby XMLRPC Server Unspecified Arbitrary Command Execution |
11534 | Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS |
8845 | Ruby CGI Session Management Insecure File Creation |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for ruby File : nvt/sles9p5020525.nasl |
2009-10-10 | Name : SLES9: Security update for ruby File : nvt/sles9p5016692.nasl |
2009-10-10 | Name : SLES9: Security update for ruby File : nvt/sles9p5013651.nasl |
2009-10-10 | Name : SLES9: Security update for ruby File : nvt/sles9p5013198.nasl |
2009-10-10 | Name : SLES9: Security update for ruby File : nvt/sles9p5009168.nasl |
2009-03-06 | Name : RedHat Update for ruby RHSA-2008:0562-01 File : nvt/gb_RHSA-2008_0562-01_ruby.nasl |
2009-02-27 | Name : CentOS Update for ruby CESA-2008:0562-01 centos2 i386 File : nvt/gb_CESA-2008_0562-01_ruby_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for irb CESA-2008:0562 centos3 x86_64 File : nvt/gb_CESA-2008_0562_irb_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for irb CESA-2008:0562 centos3 i386 File : nvt/gb_CESA-2008_0562_irb_centos3_i386.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200612-21 (ruby) File : nvt/glsa_200612_21.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-12 (ruby) File : nvt/glsa_200611_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200605-11 (ruby) File : nvt/glsa_200605_11.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200510-05 (ruby) File : nvt/glsa_200510_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-10 (ruby) File : nvt/glsa_200507_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-23 (Ruby) File : nvt/glsa_200411_23.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby) File : nvt/glsa_200409_08.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby, ruby_static File : nvt/freebsd_ruby1.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby, ruby_r File : nvt/freebsd_ruby.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby File : nvt/freebsd_ruby5.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby, ruby_static File : nvt/freebsd_ruby4.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby, ruby_static File : nvt/freebsd_ruby3.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby, ruby_static File : nvt/freebsd_ruby2.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby File : nvt/freebsd_ruby0.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 864-1 (ruby1.8) File : nvt/deb_864_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2006-0604.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2006-0729.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0961.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0562.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080714_ruby_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20071113_ruby_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-01-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-773.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_11442.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_d656296b33ff11d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2007-0961.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2006-0729.nasl - Type: ACT_GATHER_INFO |
2008-07-15 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0562.nasl - Type: ACT_GATHER_INFO |
2008-07-15 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0562.nasl - Type: ACT_GATHER_INFO |
2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_ruby-2224.nasl - Type: ACT_GATHER_INFO |
2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_ruby-2654.nasl - Type: ACT_GATHER_INFO |
2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_ruby-1946.nasl - Type: ACT_GATHER_INFO |
2007-11-14 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2007-0961.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-394-1.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-325-1.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-371-1.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_ruby-2219.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_ruby-2655.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_ruby-1948.nasl - Type: ACT_GATHER_INFO |
2007-05-25 | Name: The remote host is missing a Mac OS X update that fixes several security issues. File: macosx_SecUpd2007-005.nasl - Type: ACT_GATHER_INFO |
2007-02-18 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2006-192.nasl - Type: ACT_GATHER_INFO |