CVE-2005-1992

EPSS 8.76%
Veröffentlicht 20.06.2005 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yukihiro Matsumoto ≫ Ruby Version1.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.76%	0.916

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237

Patch

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064

http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html

http://secunia.com/advisories/16920/

http://www.auscert.org.au/5509

http://www.ciac.org/ciac/bulletins/p-312.shtml

http://www.debian.org/security/2005/dsa-748

http://www.kb.cert.org/vuls/id/684913

US Government Resource

http://www.redhat.com/support/errata/RHSA-2005-543.html

http://www.securityfocus.com/bid/14016

http://www2.ruby-lang.org/en/20050701.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819

https://nvd.nist.gov/vuln/detail/CVE-2005-1992

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1992

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1992

EUVD