CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score
Confidence: High

EPSS
Percentile: 91.7%

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents “security protection” using handlers, which allows remote attackers to execute arbitrary commands.
Vendor | Product | Version | CPE |
---|---|---|---|
yukihiro_matsumoto | ruby | 1.8 | cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:* |
blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237
bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064
lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
secunia.com/advisories/16920/
www.auscert.org.au/5509
www.ciac.org/ciac/bulletins/p-312.shtml
www.debian.org/security/2005/dsa-748
www.kb.cert.org/vuls/id/684913
www.novell.com/linux/security/advisories/2005_18_sr.html
www.redhat.com/support/errata/RHSA-2005-543.html
www.securityfocus.com/bid/14016
www2.ruby-lang.org/en/20050701.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819