Design/Logic Flaw

🗓️ 02 May 2013 14:55:00Reported by PRIOn knowledge baseType

Safe-level feature vulnerability in Ruby 1.8.7 allowing context-dependent attackers to modify strings via the NameError#to_s method. Incomplete fix for CVE-2011-1005

Reporter	Title	Published	Views	Family All 154
Tenable Nessus	Mac OS X 10.7 < 10.7.4 Multiple Vulnerabilities	14 May 201200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ruby (ALAS-2013-173)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 4 : ruby (CESA-2011:0908)	15 Aug 201100:00	–	nessus
Tenable Nessus	CentOS 5 : ruby (CESA-2011:0909)	29 Jun 201300:00	–	nessus
Tenable Nessus	CentOS 5 : ruby (CESA-2013:0129)	17 Jan 201300:00	–	nessus
Tenable Nessus	CentOS 6 : ruby (CESA-2013:0612)	10 Mar 201300:00	–	nessus
Tenable Nessus	Fedora 13 : ruby-1.8.6.420-2.fc13 (2011-1913)	2 Mar 201100:00	–	nessus
Tenable Nessus	Fedora 16 : ruby-1.8.7.358-4.fc16 (2012-15507)	15 Oct 201200:00	–	nessus
Tenable Nessus	GLSA-201412-27 : Ruby: Denial of Service	15 Dec 201400:00	–	nessus
Tenable Nessus	Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)	10 May 201200:00	–	nessus

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
openwall	www.openwall.com/lists/oss-security/2012/10/05/4
rhn	www.rhn.redhat.com/errata/RHSA-2013-0129.html
rhn	www.rhn.redhat.com/errata/RHSA-2013-0612.html
wiki	www.wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
mandriva	www.mandriva.com/security/advisories

13 Feb 2023 00:26Current

6.4Medium risk

Vulners AI Score6.4

EPSS0.02121