CVE-2005-1992

EPSS 8.76%
Published 20.06.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source secalert@redhat.com
Teams watchlist Login
Open Login

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Yukihiro Matsumoto ≫ Ruby Version1.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.76%	0.916

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237

Patch

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064

http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html

http://secunia.com/advisories/16920/

http://www.auscert.org.au/5509

http://www.ciac.org/ciac/bulletins/p-312.shtml

http://www.debian.org/security/2005/dsa-748

http://www.kb.cert.org/vuls/id/684913

US Government Resource

http://www.redhat.com/support/errata/RHSA-2005-543.html

http://www.securityfocus.com/bid/14016

http://www2.ruby-lang.org/en/20050701.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819

https://nvd.nist.gov/vuln/detail/CVE-2005-1992

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1992

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1992

EUVD