Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-3009
HistoryAug 05, 2011 - 10:55 p.m.

CVE-2011-3009

2011-08-0522:55:00
CWE-310
[email protected]
web.nvd.nist.gov
24
cve-2011-3009
ruby
random seed
forking
context-dependent attackers
cve-2003-0900
security vulnerability.

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.8%

JSON

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.

CPENameOperatorVersion
ruby-lang:rubyruby-lang rubyle1.8.6

Related

prion 2
ubuntucve 2
nessus 11
openvas 14
veracode 1
centos 1
oraclelinux 2
redhat 2
debiancve 1
cve 2
rubygems 2
debian 1
osv 1
prion
prion
Sql injection
2011-08-05 22:55:00
Design/Logic Flaw
2011-08-05 21:55:00
ubuntucve
ubuntucve
CVE-2011-3009
2011-08-05 00:00:00
CVE-2011-2686
2011-08-05 00:00:00
nessus
nessus
Oracle Linux 6 : ruby (ELSA-2011-1581)
2023-09-07 00:00:00
Oracle Linux 4 / 5 : ruby (ELSA-2012-0070)
2013-07-12 00:00:00
RHEL 4 / 5 : ruby (RHSA-2012:0070)
2012-01-31 00:00:00
openvas
openvas
Ruby Random Number Values Information Disclosure Vulnerability
2011-08-29 00:00:00
Ruby Random Number Values Information Disclosure Vulnerability
2011-08-29 00:00:00
Oracle: Security Advisory (ELSA-2012-0070)
2015-10-06 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 01:07:08
centos
centos
irb, ruby security update
2012-01-30 18:44:29
oraclelinux
oraclelinux
ruby security update
2012-01-30 00:00:00
ruby security, bug fix, and enhancement update
2011-12-14 00:00:00
redhat
redhat
(RHSA-2012:0070) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2011:1581) Low: ruby security, bug fix, and enhancement update
2011-12-06 00:00:00
debiancve
debiancve
CVE-2003-0900
2003-12-31 05:00:00
cve
cve
CVE-2003-0900
2003-12-31 05:00:00
CVE-2011-2686
2011-08-05 21:55:00
rubygems
rubygems
Ruby Properly initialize the random number generator when forking new process
2011-07-01 20:00:00
Ruby Random Number Generation Local Denial Of Service Vulnerability
2011-07-01 20:00:00
debian
debian
[SECURITY] [DLA 88-1] ruby1.8 security update
2014-11-21 15:18:14
osv
osv
ruby1.8 - security update
2014-11-21 00:00:00

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.8%

JSON
Related for CVE-2011-3009
prion2ubuntucve2nessus11openvas14veracode1centos1oraclelinux2redhat2debiancve1cve2rubygems2debian1osv1