History: Aug 14, 2006 - 9:04 p.m.

CVE-2006-4112

2006-08-14 21:04:00
web.nvd.nist.gov
cve
ruby on rails
vulnerability
remote execution
denial of service
data loss

CVSS2: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.2 High (Confidence: Low)

EPSS: 0.037 Low (Percentile: 91.8%)

Unspecified vulnerability in the “dependency resolution mechanism” in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or “data loss,” a different vulnerability than CVE-2006-4111.

Affected configurations

NVD
Node
rubyonrails rails Match 1.1.0
OR
rubyonrails rails Match 1.1.1
OR
rubyonrails rails Match 1.1.2
OR
rubyonrails rails Match 1.1.3
OR
rubyonrails rails Match 1.1.4
