This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Yukihiro Matsumoto    First view: 2004-10-20
Product: Ruby                 Last view: 2006-12-06
Version:                      Type:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:* 7
cpe:2.3:a:yukihiro_matsumoto:ruby:1.6:*:*:*:*:*:*:* 4
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.1:*:*:*:*:*:*:* 4
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2_pre2:*:*:*:*:*:*:* 3
cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.7:*:*:*:*:*:*:* 3
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2_pre1:*:*:*:*:*:*:* 3
cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.1:*:*:*:*:*:*:* 2
cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.2:*:*:*:*:*:*:* 2
cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.3:*:*:*:*:*:*:* 2
cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.4:*:*:*:*:*:*:* 2
cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.5:*:*:*:*:*:*:* 2
cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.6:*:*:*:*:*:*:* 2
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2:*:*:*:*:*:*:* 2
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.3:*:*:*:*:*:*:* 2
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.4:*:*:*:*:*:*:* 2
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.5:*:*:*:*:*:*:* 1

Related : CVE

Score Date Alert Description
5 2006-12-06 CVE-2006-6303

The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.

5 2006-10-27 CVE-2006-5467

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

6.4 2006-07-21 CVE-2006-3694

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

5 2006-04-20 CVE-2006-1931

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.

7.5 2005-10-07 CVE-2005-2337

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).

7.5 2005-06-20 CVE-2005-1992

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

5 2005-03-01 CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

2.1 2004-10-20 CVE-2004-0755

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.

CWE : Common Weakness Enumeration

% id Name
100% (2) CWE-399 Resource Management Errors

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:11128 The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly ...
oval:org.mitre.oval:def:10268 The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote ...
oval:org.mitre.oval:def:10819 The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an inva...
oval:org.mitre.oval:def:10564 Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-0...
oval:org.mitre.oval:def:11100 The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allo...
oval:org.mitre.oval:def:9983 Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attack...
oval:org.mitre.oval:def:10185 The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial...
oval:org.mitre.oval:def:10529 The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not proper...

Open Source Vulnerability Database (OSVDB)

id Description
34238 Ruby cgi.rb read_multipart Function Crafted HTTP Request DoS
34237 Ruby cgi.rb Crafted HTTP Request DoS
27145 Ruby Directory Operations Safe Level Security Bypass
27144 Ruby alias Function Safe Level Security Bypass
24972 Ruby HTTP/XMLRPC Blocking Sockets DoS
19610 Ruby eval.c safe_level Restriction Bypass
17407 Ruby XMLRPC Server Unspecified Arbitrary Command Execution
11534 Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS
8845 Ruby CGI Session Management Insecure File Creation

OpenVAS Exploits

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Name / File
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for ruby
File : nvt/sles9p5020525.nasl
2009-10-10 Name : SLES9: Security update for ruby
File : nvt/sles9p5016692.nasl
2009-10-10 Name : SLES9: Security update for ruby
File : nvt/sles9p5013651.nasl
2009-10-10 Name : SLES9: Security update for ruby
File : nvt/sles9p5013198.nasl
2009-10-10 Name : SLES9: Security update for ruby
File : nvt/sles9p5009168.nasl
2009-03-06 Name : RedHat Update for ruby RHSA-2008:0562-01
File : nvt/gb_RHSA-2008_0562-01_ruby.nasl
2009-02-27 Name : CentOS Update for ruby CESA-2008:0562-01 centos2 i386
File : nvt/gb_CESA-2008_0562-01_ruby_centos2_i386.nasl
2009-02-27 Name : CentOS Update for irb CESA-2008:0562 centos3 x86_64
File : nvt/gb_CESA-2008_0562_irb_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for irb CESA-2008:0562 centos3 i386
File : nvt/gb_CESA-2008_0562_irb_centos3_i386.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200612-21 (ruby)
File : nvt/glsa_200612_21.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200611-12 (ruby)
File : nvt/glsa_200611_12.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200605-11 (ruby)
File : nvt/glsa_200605_11.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200510-05 (ruby)
File : nvt/glsa_200510_05.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200507-10 (ruby)
File : nvt/glsa_200507_10.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200411-23 (Ruby)
File : nvt/glsa_200411_23.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)
File : nvt/glsa_200409_08.nasl
2008-09-04 Name : FreeBSD Ports: ruby, ruby_static
File : nvt/freebsd_ruby1.nasl
2008-09-04 Name : FreeBSD Ports: ruby, ruby_r
File : nvt/freebsd_ruby.nasl
2008-09-04 Name : FreeBSD Ports: ruby
File : nvt/freebsd_ruby5.nasl
2008-09-04 Name : FreeBSD Ports: ruby, ruby_static
File : nvt/freebsd_ruby4.nasl
2008-09-04 Name : FreeBSD Ports: ruby, ruby_static
File : nvt/freebsd_ruby3.nasl
2008-09-04 Name : FreeBSD Ports: ruby, ruby_static
File : nvt/freebsd_ruby2.nasl
2008-09-04 Name : FreeBSD Ports: ruby
File : nvt/freebsd_ruby0.nasl
2008-01-17 Name : Debian Security Advisory DSA 864-1 (ruby1.8)
File : nvt/deb_864_1.nasl

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Name / File
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2006-0604.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2006-0729.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0961.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0562.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080714_ruby_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20071113_ruby_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-01-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-773.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_11442.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_d656296b33ff11d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2007-0961.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0729.nasl - Type: ACT_GATHER_INFO
2008-07-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0562.nasl - Type: ACT_GATHER_INFO
2008-07-15 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0562.nasl - Type: ACT_GATHER_INFO
2007-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_ruby-2224.nasl - Type: ACT_GATHER_INFO
2007-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_ruby-2654.nasl - Type: ACT_GATHER_INFO
2007-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_ruby-1946.nasl - Type: ACT_GATHER_INFO
2007-11-14 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2007-0961.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-394-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-325-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-371-1.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_ruby-2219.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_ruby-2655.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_ruby-1948.nasl - Type: ACT_GATHER_INFO
2007-05-25 Name: The remote host is missing a Mac OS X update that fixes several security issues.
File: macosx_SecUpd2007-005.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-192.nasl - Type: ACT_GATHER_INFO