Ruby@1.8.5 Security Vulnerabilities and Issues — Ruby@1.8.5 CVE List

Lucene search

Ruby-langRuby1.8.5

8 matches found

CVE•added 2007/10/01 5:17 a.m.•70 views

CVE-2007-5162

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissio...

4.3CVSS6.4AI score0.01528EPSS

CVE•added 2008/08/13 1:41 a.m.•68 views

CVE-2008-3655

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PRO...

7.5CVSS6.8AI score0.40782EPSS

CVE•added 2008/08/13 1:41 a.m.•68 views

CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of ser...

7.8CVSS6.5AI score0.67854EPSS

CVE•added 2008/04/18 10:5 p.m.•63 views

CVE-2008-1891

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (e...

5CVSS6.5AI score0.00301EPSS

CVE•added 2007/11/14 1:46 a.m.•61 views

CVE-2007-5770

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SS...

5CVSS9.2AI score0.10911EPSS

CVE•added 2008/08/14 11:41 p.m.•61 views

CVE-2008-3443

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failu...

5CVSS6.5AI score0.30956EPSS

CVE•added 2008/08/13 1:41 a.m.•57 views

CVE-2008-3657

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

7.5CVSS6.7AI score0.34912EPSS

CVE•added 2008/12/09 12:30 a.m.•46 views

CVE-2008-4310

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.

7.8CVSS6.3AI score0.67854EPSS