CVE-2005-1992

Published: 20/06/2005 Updated: 11/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote malicious users to execute arbitrary commands.

Vulnerable Product

yukihiro matsumoto ruby 1.8

Vendor Advisories

Synopsis: ruby security update. Type/Severity: Security Advisory: Moderate. Topic: Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description: Ruby is an inter ...

Nobuhiro IMAI discovered that the changed default value of the Module#public_instance_methods() method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server ...

A vulnerability has been discovered in ruby18 that could allow arbitrary command execution on a server running the ruby xmlrpc server. The old stable distribution (woody) did not include ruby18. This problem is fixed for the current stable distribution (sarge) in version 182-7sarge1. This problem is fixed for the unstable distribution in versi ...