Lucene search

[email protected]NVD:CVE-2005-1992

HistoryJun 20, 2005 - 4:00 a.m.

CVE-2005-1992

2005-06-2004:00:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents “security protection” using handlers, which allows remote attackers to execute arbitrary commands.

Affected configurations

NVD

Node

yukihiro_matsumotorubyMatch1.8

References

blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237

bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064

lists.apple.com/archives/security-announce/2005/Sep/msg00002.html

secunia.com/advisories/16920/

www.auscert.org.au/5509

www.ciac.org/ciac/bulletins/p-312.shtml

www.debian.org/security/2005/dsa-748

www.kb.cert.org/vuls/id/684913

www.novell.com/linux/security/advisories/2005_18_sr.html

www.redhat.com/support/errata/RHSA-2005-543.html

www.securityfocus.com/bid/14016

www2.ruby-lang.org/en/20050701.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for NVD:CVE-2005-1992

nessus11 openvas8 debian2 centos1 cve1 cert1 freebsd1 gentoo1 ubuntu1 ubuntucve1 cvelist1 redhat1