
    16 vulnerabilities by yukihiro_matsumoto

    CVE-2006-6303 (GCVE-0-2006-6303)

    Vulnerability from nvd – Published: 2006-12-06 19:00 – Updated: 2024-08-07 20:19
    Summary
    The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://docs.info.apple.com/article.html?artnum=305530 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/usn-394-1 vendor-advisory, x_refsource_UBUNTU
    http://secunia.com/advisories/31090 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/27576 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1939 vdb-entry, x_refsource_VUPEN
    http://jvn.jp/jp/JVN%2384798830/index.html third-party-advisory, x_refsource_JVN
    http://secunia.com/advisories/23268 third-party-advisory, x_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://bugzilla.redhat.com/bugzilla/show_bug.cgi?… x_refsource_MISC
    http://www.ruby-lang.org/en/news/2006/12/04/anoth… x_refsource_CONFIRM
    http://secunia.com/advisories/25402 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/23165 third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-09… vendor-advisory, x_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://securitytracker.com/id?1017363 vdb-entry, x_refsource_SECTRACK
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://bugs.gentoo.org/show_bug.cgi?id=157048 x_refsource_MISC
    http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/… x_refsource_MISC
    http://www.vupen.com/english/advisories/2006/4855 vdb-entry, x_refsource_VUPEN
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://security.gentoo.org/glsa/glsa-200612-21.xml vendor-advisory, x_refsource_GENTOO
    http://secunia.com/advisories/23454 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/21441 vdb-entry, x_refsource_BID
    Date Public
    2006-12-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:19:35.192Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=305530"
              },
              {
                "name": "USN-394-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-394-1"
              },
              {
                "name": "31090",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31090"
              },
              {
                "name": "27576",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27576"
              },
              {
                "name": "ADV-2007-1939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1939"
              },
              {
                "name": "JVN#84798830",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/jp/JVN%2384798830/index.html"
              },
              {
                "name": "23268",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23268"
              },
              {
                "name": "APPLE-SA-2007-05-24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/"
              },
              {
                "name": "25402",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25402"
              },
              {
                "name": "23165",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23165"
              },
              {
                "name": "RHSA-2007:0961",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0961.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10529",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529"
              },
              {
                "name": "ruby-cgi-library-dos(30734)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30734"
              },
              {
                "name": "1017363",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017363"
              },
              {
                "name": "SUSE-SR:2007:004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=157048"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h\u0026only_with_tag=MAIN\u0026r1=text\u0026tr1=1.92\u0026r2=text\u0026tr2=1.91"
              },
              {
                "name": "ADV-2006-4855",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4855"
              },
              {
                "name": "MDKSA-2006:225",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:225"
              },
              {
                "name": "GLSA-200612-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200612-21.xml"
              },
              {
                "name": "23454",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23454"
              },
              {
                "name": "21441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=305530"
            },
            {
              "name": "USN-394-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-394-1"
            },
            {
              "name": "31090",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31090"
            },
            {
              "name": "27576",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27576"
            },
            {
              "name": "ADV-2007-1939",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1939"
            },
            {
              "name": "JVN#84798830",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/jp/JVN%2384798830/index.html"
            },
            {
              "name": "23268",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23268"
            },
            {
              "name": "APPLE-SA-2007-05-24",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/"
            },
            {
              "name": "25402",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25402"
            },
            {
              "name": "23165",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23165"
            },
            {
              "name": "RHSA-2007:0961",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0961.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10529",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529"
            },
            {
              "name": "ruby-cgi-library-dos(30734)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30734"
            },
            {
              "name": "1017363",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017363"
            },
            {
              "name": "SUSE-SR:2007:004",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=157048"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h\u0026only_with_tag=MAIN\u0026r1=text\u0026tr1=1.92\u0026r2=text\u0026tr2=1.91"
            },
            {
              "name": "ADV-2006-4855",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4855"
            },
            {
              "name": "MDKSA-2006:225",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:225"
            },
            {
              "name": "GLSA-200612-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200612-21.xml"
            },
            {
              "name": "23454",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23454"
            },
            {
              "name": "21441",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6303",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=305530",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=305530"
                },
                {
                  "name": "USN-394-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-394-1"
                },
                {
                  "name": "31090",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31090"
                },
                {
                  "name": "27576",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27576"
                },
                {
                  "name": "ADV-2007-1939",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1939"
                },
                {
                  "name": "JVN#84798830",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/jp/JVN%2384798830/index.html"
                },
                {
                  "name": "23268",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23268"
                },
                {
                  "name": "APPLE-SA-2007-05-24",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
                },
                {
                  "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287",
                  "refsource": "MISC",
                  "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287"
                },
                {
                  "name": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/",
                  "refsource": "CONFIRM",
                  "url": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/"
                },
                {
                  "name": "25402",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25402"
                },
                {
                  "name": "23165",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23165"
                },
                {
                  "name": "RHSA-2007:0961",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0961.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10529",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529"
                },
                {
                  "name": "ruby-cgi-library-dos(30734)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30734"
                },
                {
                  "name": "1017363",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017363"
                },
                {
                  "name": "SUSE-SR:2007:004",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=157048",
                  "refsource": "MISC",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=157048"
                },
                {
                  "name": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h\u0026only_with_tag=MAIN\u0026r1=text\u0026tr1=1.92\u0026r2=text\u0026tr2=1.91",
                  "refsource": "MISC",
                  "url": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h\u0026only_with_tag=MAIN\u0026r1=text\u0026tr1=1.92\u0026r2=text\u0026tr2=1.91"
                },
                {
                  "name": "ADV-2006-4855",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4855"
                },
                {
                  "name": "MDKSA-2006:225",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:225"
                },
                {
                  "name": "GLSA-200612-21",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200612-21.xml"
                },
                {
                  "name": "23454",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23454"
                },
                {
                  "name": "21441",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6303",
        "datePublished": "2006-12-06T19:00:00.000Z",
        "dateReserved": "2006-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:19:35.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5467 (GCVE-0-2006-5467)

    Vulnerability from nvd – Published: 2006-10-27 18:00 – Updated: 2024-08-07 19:48
    Summary
    The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200611-12.xml vendor-advisory, x_refsource_GENTOO
    http://docs.info.apple.com/article.html?artnum=305530 x_refsource_CONFIRM
    http://secunia.com/advisories/22932 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1939 vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/23344 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/22615 third-party-advisory, x_refsource_SECUNIA
    http://www.openpkg.org/security/advisories/OpenPK… vendor-advisory, x_refsource_OPENPKG
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://secunia.com/advisories/22761 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/25402 third-party-advisory, x_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/23040 third-party-advisory, x_refsource_SECUNIA
    http://rubyforge.org/pipermail/mongrel-users/2006… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/20777 vdb-entry, x_refsource_BID
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://securitytracker.com/id?1017194 vdb-entry, x_refsource_SECTRACK
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisory, x_refsource_SGI
    http://www.debian.org/security/2006/dsa-1235 vendor-advisory, x_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-371-1 vendor-advisory, x_refsource_UBUNTU
    http://www.vupen.com/english/advisories/2006/4244 vdb-entry, x_refsource_VUPEN
    http://www.redhat.com/support/errata/RHSA-2006-07… vendor-advisory, x_refsource_REDHAT
    http://www.debian.org/security/2006/dsa-1234 vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/22929 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/4245 vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/22624 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2006-10-25 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:30.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200611-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200611-12.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=305530"
              },
              {
                "name": "22932",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22932"
              },
              {
                "name": "ADV-2007-1939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1939"
              },
              {
                "name": "23344",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23344"
              },
              {
                "name": "22615",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22615"
              },
              {
                "name": "OpenPKG-SA-2006.030",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENPKG",
                  "x_transferred"
                ],
                "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html"
              },
              {
                "name": "APPLE-SA-2007-05-24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10185",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185"
              },
              {
                "name": "22761",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22761"
              },
              {
                "name": "25402",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25402"
              },
              {
                "name": "SUSE-SR:2006:026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
              },
              {
                "name": "23040",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23040"
              },
              {
                "name": "[mongrel-users] 20061025 [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html"
              },
              {
                "name": "20777",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20777"
              },
              {
                "name": "MDKSA-2006:192",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:192"
              },
              {
                "name": "1017194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017194"
              },
              {
                "name": "20061101-01-P",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
              },
              {
                "name": "DSA-1235",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1235"
              },
              {
                "name": "USN-371-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-371-1"
              },
              {
                "name": "ADV-2006-4244",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4244"
              },
              {
                "name": "RHSA-2006:0729",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2006-0729.html"
              },
              {
                "name": "DSA-1234",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1234"
              },
              {
                "name": "22929",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22929"
              },
              {
                "name": "ADV-2006-4245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4245"
              },
              {
                "name": "22624",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22624"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a \"-\" instead of \"--\" and contains an inconsistent ID."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "GLSA-200611-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200611-12.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=305530"
            },
            {
              "name": "22932",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22932"
            },
            {
              "name": "ADV-2007-1939",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1939"
            },
            {
              "name": "23344",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23344"
            },
            {
              "name": "22615",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22615"
            },
            {
              "name": "OpenPKG-SA-2006.030",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENPKG"
              ],
              "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html"
            },
            {
              "name": "APPLE-SA-2007-05-24",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10185",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185"
            },
            {
              "name": "22761",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22761"
            },
            {
              "name": "25402",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25402"
            },
            {
              "name": "SUSE-SR:2006:026",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
            },
            {
              "name": "23040",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23040"
            },
            {
              "name": "[mongrel-users] 20061025 [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html"
            },
            {
              "name": "20777",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20777"
            },
            {
              "name": "MDKSA-2006:192",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:192"
            },
            {
              "name": "1017194",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017194"
            },
            {
              "name": "20061101-01-P",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
            },
            {
              "name": "DSA-1235",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1235"
            },
            {
              "name": "USN-371-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-371-1"
            },
            {
              "name": "ADV-2006-4244",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4244"
            },
            {
              "name": "RHSA-2006:0729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0729.html"
            },
            {
              "name": "DSA-1234",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1234"
            },
            {
              "name": "22929",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22929"
            },
            {
              "name": "ADV-2006-4245",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4245"
            },
            {
              "name": "22624",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22624"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-5467",
        "datePublished": "2006-10-27T18:00:00.000Z",
        "dateReserved": "2006-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:30.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3694 (GCVE-0-2006-3694)

    Vulnerability from nvd – Published: 2006-07-19 01:00 – Updated: 2024-08-07 18:39
    Summary
    Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisory, x_refsource_SGI
    http://www.securityfocus.com/bid/18944 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/21657 third-party-advisory, x_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://secunia.com/advisories/21749 third-party-advisory, x_refsource_SECUNIA
    http://jvn.jp/jp/JVN%2313947696/index.html third-party-advisory, x_refsource_JVN
    http://secunia.com/advisories/21009 third-party-advisory, x_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://secunia.com/advisories/21598 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/21233 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2760 vdb-entry, x_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.osvdb.org/27144 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/27145 vdb-entry, x_refsource_OSVDB
    http://www.ubuntu.com/usn/usn-325-1 vendor-advisory, x_refsource_UBUNTU
    http://www.debian.org/security/2006/dsa-1157 vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/21337 third-party-advisory, x_refsource_SECUNIA
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-list, x_refsource_MLIST
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/21272 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/21236 third-party-advisory, x_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1139 vendor-advisory, x_refsource_DEBIAN
    http://www.redhat.com/support/errata/RHSA-2006-06… vendor-advisory, x_refsource_REDHAT
    http://jvn.jp/jp/JVN%2383768862/index.html third-party-advisory, x_refsource_JVN
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-list, x_refsource_MLIST
    Date Public
    2006-07-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:53.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060801-01-P",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
              },
              {
                "name": "18944",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18944"
              },
              {
                "name": "21657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21657"
              },
              {
                "name": "oval:org.mitre.oval:def:9983",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983"
              },
              {
                "name": "21749",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21749"
              },
              {
                "name": "JVN#13947696",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/jp/JVN%2313947696/index.html"
              },
              {
                "name": "21009",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21009"
              },
              {
                "name": "MDKSA-2006:134",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:134"
              },
              {
                "name": "21598",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21598"
              },
              {
                "name": "21233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21233"
              },
              {
                "name": "ADV-2006-2760",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2760"
              },
              {
                "name": "ruby-alias-directory-security-bypass(27725)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27725"
              },
              {
                "name": "27144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/27144"
              },
              {
                "name": "27145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/27145"
              },
              {
                "name": "USN-325-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-325-1"
              },
              {
                "name": "DSA-1157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1157"
              },
              {
                "name": "21337",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21337"
              },
              {
                "name": "[freebsd-security] 20060728 Ruby vulnerability?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html"
              },
              {
                "name": "SUSE-SR:2006:021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
              },
              {
                "name": "21272",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21272"
              },
              {
                "name": "21236",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21236"
              },
              {
                "name": "DSA-1139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1139"
              },
              {
                "name": "RHSA-2006:0604",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2006-0604.html"
              },
              {
                "name": "JVN#83768862",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/jp/JVN%2383768862/index.html"
              },
              {
                "name": "[freebsd-security] 20060730 Ruby vulnerability?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass \"safe level\" checks via unspecified vectors involving (1) the alias function and (2) \"directory operations\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060801-01-P",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
            },
            {
              "name": "18944",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18944"
            },
            {
              "name": "21657",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21657"
            },
            {
              "name": "oval:org.mitre.oval:def:9983",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983"
            },
            {
              "name": "21749",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21749"
            },
            {
              "name": "JVN#13947696",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/jp/JVN%2313947696/index.html"
            },
            {
              "name": "21009",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21009"
            },
            {
              "name": "MDKSA-2006:134",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:134"
            },
            {
              "name": "21598",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21598"
            },
            {
              "name": "21233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21233"
            },
            {
              "name": "ADV-2006-2760",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2760"
            },
            {
              "name": "ruby-alias-directory-security-bypass(27725)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27725"
            },
            {
              "name": "27144",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/27144"
            },
            {
              "name": "27145",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/27145"
            },
            {
              "name": "USN-325-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-325-1"
            },
            {
              "name": "DSA-1157",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1157"
            },
            {
              "name": "21337",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21337"
            },
            {
              "name": "[freebsd-security] 20060728 Ruby vulnerability?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html"
            },
            {
              "name": "SUSE-SR:2006:021",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
            },
            {
              "name": "21272",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21272"
            },
            {
              "name": "21236",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21236"
            },
            {
              "name": "DSA-1139",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1139"
            },
            {
              "name": "RHSA-2006:0604",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0604.html"
            },
            {
              "name": "JVN#83768862",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/jp/JVN%2383768862/index.html"
            },
            {
              "name": "[freebsd-security] 20060730 Ruby vulnerability?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3694",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass \"safe level\" checks via unspecified vectors involving (1) the alias function and (2) \"directory operations\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060801-01-P",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
                },
                {
                  "name": "18944",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18944"
                },
                {
                  "name": "21657",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21657"
                },
                {
                  "name": "oval:org.mitre.oval:def:9983",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983"
                },
                {
                  "name": "21749",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21749"
                },
                {
                  "name": "JVN#13947696",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/jp/JVN%2313947696/index.html"
                },
                {
                  "name": "21009",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21009"
                },
                {
                  "name": "MDKSA-2006:134",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:134"
                },
                {
                  "name": "21598",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21598"
                },
                {
                  "name": "21233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21233"
                },
                {
                  "name": "ADV-2006-2760",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2760"
                },
                {
                  "name": "ruby-alias-directory-security-bypass(27725)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27725"
                },
                {
                  "name": "27144",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/27144"
                },
                {
                  "name": "27145",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/27145"
                },
                {
                  "name": "USN-325-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-325-1"
                },
                {
                  "name": "DSA-1157",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1157"
                },
                {
                  "name": "21337",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21337"
                },
                {
                  "name": "[freebsd-security] 20060728 Ruby vulnerability?",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html"
                },
                {
                  "name": "SUSE-SR:2006:021",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
                },
                {
                  "name": "21272",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21272"
                },
                {
                  "name": "21236",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21236"
                },
                {
                  "name": "DSA-1139",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1139"
                },
                {
                  "name": "RHSA-2006:0604",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2006-0604.html"
                },
                {
                  "name": "JVN#83768862",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/jp/JVN%2383768862/index.html"
                },
                {
                  "name": "[freebsd-security] 20060730 Ruby vulnerability?",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3694",
        "datePublished": "2006-07-19T01:00:00.000Z",
        "dateReserved": "2006-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:53.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1931 (GCVE-0-2006-1931)

    Vulnerability from nvd – Published: 2006-04-20 21:00 – Updated: 2024-08-07 17:27
    Summary
    The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/19772 third-party-advisory x_refsource_SECUNIA
    http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby… x_refsource_MISC
    http://secunia.com/advisories/21657 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/16904 third-party-advisory x_refsource_SECUNIA
    ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-w… x_refsource_MISC
    https://usn.ubuntu.com/273-1/ vendor-advisory x_refsource_UBUNTU
    http://secunia.com/advisories/20024 third-party-advisory x_refsource_SECUNIA
    http://www.securityfocus.com/bid/17645 vdb-entry x_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entry signature x_refsource_OVAL
    http://www.novell.com/linux/security/advisories/2… vendor-advisory x_refsource_SUSE
    http://www.redhat.com/support/errata/RHSA-2006-04… vendor-advisory x_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry x_refsource_XF
    http://www.gentoo.org/security/en/glsa/glsa-20060… vendor-advisory x_refsource_GENTOO
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    http://securitytracker.com/id?1015978 vdb-entry x_refsource_SECTRACK
    http://www.debian.org/security/2006/dsa-1157 vendor-advisory x_refsource_DEBIAN
    http://secunia.com/advisories/19804 third-party-advisory x_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisory x_refsource_MANDRIVA
    http://secunia.com/advisories/20064 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/20457 third-party-advisory x_refsource_SECUNIA
    http://www.osvdb.org/24972 vdb-entry x_refsource_OSVDB
    ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-x… x_refsource_MISC
    Date Public
    2005-11-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:27:29.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19772"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787"
              },
              {
                "name": "21657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21657"
              },
              {
                "name": "16904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16904"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch"
              },
              {
                "name": "USN-273-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/273-1/"
              },
              {
                "name": "20024",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20024"
              },
              {
                "name": "17645",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17645"
              },
              {
                "name": "oval:org.mitre.oval:def:11100",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11100"
              },
              {
                "name": "SUSE-SR:2006:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"
              },
              {
                "name": "RHSA-2006:0427",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2006-0427.html"
              },
              {
                "name": "ruby-socket-dos(26102)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26102"
              },
              {
                "name": "GLSA-200605-11",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540"
              },
              {
                "name": "1015978",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015978"
              },
              {
                "name": "DSA-1157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1157"
              },
              {
                "name": "19804",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19804"
              },
              {
                "name": "MDKSA-2006:079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:079"
              },
              {
                "name": "20064",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20064"
              },
              {
                "name": "20457",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20457"
              },
              {
                "name": "24972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24972"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "19772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19772"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787"
            },
            {
              "name": "21657",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21657"
            },
            {
              "name": "16904",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16904"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch"
            },
            {
              "name": "USN-273-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/273-1/"
            },
            {
              "name": "20024",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20024"
            },
            {
              "name": "17645",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17645"
            },
            {
              "name": "oval:org.mitre.oval:def:11100",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11100"
            },
            {
              "name": "SUSE-SR:2006:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"
            },
            {
              "name": "RHSA-2006:0427",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0427.html"
            },
            {
              "name": "ruby-socket-dos(26102)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26102"
            },
            {
              "name": "GLSA-200605-11",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540"
            },
            {
              "name": "1015978",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015978"
            },
            {
              "name": "DSA-1157",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1157"
            },
            {
              "name": "19804",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19804"
            },
            {
              "name": "MDKSA-2006:079",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:079"
            },
            {
              "name": "20064",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20064"
            },
            {
              "name": "20457",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20457"
            },
            {
              "name": "24972",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24972"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-1931",
        "datePublished": "2006-04-20T21:00:00.000Z",
        "dateReserved": "2006-04-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:27:29.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2337 (GCVE-0-2005-2337)

    Vulnerability from nvd – Published: 2005-10-07 04:00 – Updated: 2024-08-07 22:22
    Summary
    Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/17951 vdb-entry x_refsource_BID
    http://secunia.com/advisories/16904 third-party-advisory x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/1779 vdb-entry x_refsource_VUPEN
    https://oval.cisecurity.org/repository/search/def… vdb-entry signature x_refsource_OVAL
    http://www.novell.com/linux/security/advisories/2… vendor-advisory x_refsource_SUSE
    http://www.us-cert.gov/cas/techalerts/TA06-132A.html third-party-advisory x_refsource_CERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry x_refsource_XF
    http://jvn.jp/jp/JVN%2362914675/index.html x_refsource_MISC
    http://www.debian.org/security/2005/dsa-860 vendor-advisory x_refsource_DEBIAN
    http://secunia.com/advisories/17098 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/17285 third-party-advisory x_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/160012 third-party-advisory x_refsource_CERT-VN
    http://securityreason.com/securityalert/59 third-party-advisory x_refsource_SREASON
    http://www.debian.org/security/2005/dsa-864 vendor-advisory x_refsource_DEBIAN
    http://secunia.com/advisories/17147 third-party-advisory x_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisory x_refsource_APPLE
    http://secunia.com/advisories/19130 third-party-advisory x_refsource_SECUNIA
    http://www.securityfocus.com/bid/14909 vdb-entry x_refsource_BID
    http://www.securitytracker.com/alerts/2005/Sep/10… vdb-entry x_refsource_SECTRACK
    http://secunia.com/advisories/17129 third-party-advisory x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-799.html vendor-advisory x_refsource_REDHAT
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisory x_refsource_GENTOO
    http://www.mandriva.com/security/advisories?name=… vendor-advisory x_refsource_MANDRIVA
    http://secunia.com/advisories/20077 third-party-advisory x_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-195-1 vendor-advisory x_refsource_UBUNTU
    http://www.ruby-lang.org/en/20051003.html x_refsource_CONFIRM
    http://secunia.com/advisories/17094 third-party-advisory x_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-862 vendor-advisory x_refsource_DEBIAN
    Date Public
    2005-09-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:22:48.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17951",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17951"
              },
              {
                "name": "16904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16904"
              },
              {
                "name": "ADV-2006-1779",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1779"
              },
              {
                "name": "oval:org.mitre.oval:def:10564",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564"
              },
              {
                "name": "SUSE-SR:2006:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
              },
              {
                "name": "TA06-132A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
              },
              {
                "name": "ruby-eval-security-bypass(22360)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22360"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/jp/JVN%2362914675/index.html"
              },
              {
                "name": "DSA-860",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-860"
              },
              {
                "name": "17098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17098"
              },
              {
                "name": "17285",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17285"
              },
              {
                "name": "VU#160012",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/160012"
              },
              {
                "name": "59",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/59"
              },
              {
                "name": "DSA-864",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-864"
              },
              {
                "name": "17147",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17147"
              },
              {
                "name": "APPLE-SA-2006-05-11",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
              },
              {
                "name": "19130",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19130"
              },
              {
                "name": "14909",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14909"
              },
              {
                "name": "1014948",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/alerts/2005/Sep/1014948.html"
              },
              {
                "name": "17129",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17129"
              },
              {
                "name": "RHSA-2005:799",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-799.html"
              },
              {
                "name": "GLSA-200510-05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml"
              },
              {
                "name": "MDKSA-2005:191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:191"
              },
              {
                "name": "20077",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20077"
              },
              {
                "name": "USN-195-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-195-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ruby-lang.org/en/20051003.html"
              },
              {
                "name": "17094",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17094"
              },
              {
                "name": "DSA-862",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-862"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "17951",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17951"
            },
            {
              "name": "16904",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16904"
            },
            {
              "name": "ADV-2006-1779",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1779"
            },
            {
              "name": "oval:org.mitre.oval:def:10564",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564"
            },
            {
              "name": "SUSE-SR:2006:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
            },
            {
              "name": "TA06-132A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
            },
            {
              "name": "ruby-eval-security-bypass(22360)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22360"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/jp/JVN%2362914675/index.html"
            },
            {
              "name": "DSA-860",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-860"
            },
            {
              "name": "17098",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17098"
            },
            {
              "name": "17285",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17285"
            },
            {
              "name": "VU#160012",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/160012"
            },
            {
              "name": "59",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/59"
            },
            {
              "name": "DSA-864",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-864"
            },
            {
              "name": "17147",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17147"
            },
            {
              "name": "APPLE-SA-2006-05-11",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
            },
            {
              "name": "19130",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19130"
            },
            {
              "name": "14909",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14909"
            },
            {
              "name": "1014948",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/alerts/2005/Sep/1014948.html"
            },
            {
              "name": "17129",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17129"
            },
            {
              "name": "RHSA-2005:799",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-799.html"
            },
            {
              "name": "GLSA-200510-05",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml"
            },
            {
              "name": "MDKSA-2005:191",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:191"
            },
            {
              "name": "20077",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20077"
            },
            {
              "name": "USN-195-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-195-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ruby-lang.org/en/20051003.html"
            },
            {
              "name": "17094",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17094"
            },
            {
              "name": "DSA-862",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-862"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2005-2337",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17951",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17951"
                },
                {
                  "name": "16904",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16904"
                },
                {
                  "name": "ADV-2006-1779",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1779"
                },
                {
                  "name": "oval:org.mitre.oval:def:10564",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564"
                },
                {
                  "name": "SUSE-SR:2006:005",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
                },
                {
                  "name": "TA06-132A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
                },
                {
                  "name": "ruby-eval-security-bypass(22360)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22360"
                },
                {
                  "name": "http://jvn.jp/jp/JVN%2362914675/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/jp/JVN%2362914675/index.html"
                },
                {
                  "name": "DSA-860",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-860"
                },
                {
                  "name": "17098",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17098"
                },
                {
                  "name": "17285",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17285"
                },
                {
                  "name": "VU#160012",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/160012"
                },
                {
                  "name": "59",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/59"
                },
                {
                  "name": "DSA-864",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-864"
                },
                {
                  "name": "17147",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17147"
                },
                {
                  "name": "APPLE-SA-2006-05-11",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
                },
                {
                  "name": "19130",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19130"
                },
                {
                  "name": "14909",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14909"
                },
                {
                  "name": "1014948",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/alerts/2005/Sep/1014948.html"
                },
                {
                  "name": "17129",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17129"
                },
                {
                  "name": "RHSA-2005:799",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-799.html"
                },
                {
                  "name": "GLSA-200510-05",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml"
                },
                {
                  "name": "MDKSA-2005:191",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:191"
                },
                {
                  "name": "20077",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20077"
                },
                {
                  "name": "USN-195-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-195-1"
                },
                {
                  "name": "http://www.ruby-lang.org/en/20051003.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.ruby-lang.org/en/20051003.html"
                },
                {
                  "name": "17094",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17094"
                },
                {
                  "name": "DSA-862",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-862"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2005-2337",
        "datePublished": "2005-10-07T04:00:00.000Z",
        "dateReserved": "2005-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:22:48.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1992 (GCVE-0-2005-1992)

    Vulnerability from nvd – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
    Summary
    The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2005/dsa-748 vendor-advisory, x_refsource_DEBIAN
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/684913 third-party-advisory, x_refsource_CERT-VN
    http://www.redhat.com/support/errata/RHSA-2005-543.html vendor-advisory, x_refsource_REDHAT
    http://www.ciac.org/ciac/bulletins/p-312.shtml third-party-advisory, government-resource, x_refsource_CIAC
    http://www.securityfocus.com/bid/14016 vdb-entry, x_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://www2.ruby-lang.org/en/20050701.html x_refsource_CONFIRM
    http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby… x_refsource_CONFIRM
    http://www.auscert.org.au/5509 third-party-advisory, x_refsource_AUSCERT
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://secunia.com/advisories/16920/ third-party-advisory, x_refsource_SECUNIA
    Date Public
    2005-06-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:06:57.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-748",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-748"
              },
              {
                "name": "SUSE-SR:2005:018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064"
              },
              {
                "name": "VU#684913",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/684913"
              },
              {
                "name": "RHSA-2005:543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-543.html"
              },
              {
                "name": "P-312",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-312.shtml"
              },
              {
                "name": "14016",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14016"
              },
              {
                "name": "oval:org.mitre.oval:def:10819",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www2.ruby-lang.org/en/20050701.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237"
              },
              {
                "name": "ESB-2005.0732",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_AUSCERT",
                  "x_transferred"
                ],
                "url": "http://www.auscert.org.au/5509"
              },
              {
                "name": "APPLE-SA-2005-09-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html"
              },
              {
                "name": "16920",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16920/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents \"security protection\" using handlers, which allows remote attackers to execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "DSA-748",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-748"
            },
            {
              "name": "SUSE-SR:2005:018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064"
            },
            {
              "name": "VU#684913",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/684913"
            },
            {
              "name": "RHSA-2005:543",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-543.html"
            },
            {
              "name": "P-312",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-312.shtml"
            },
            {
              "name": "14016",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14016"
            },
            {
              "name": "oval:org.mitre.oval:def:10819",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www2.ruby-lang.org/en/20050701.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237"
            },
            {
              "name": "ESB-2005.0732",
              "tags": [
                "third-party-advisory",
                "x_refsource_AUSCERT"
              ],
              "url": "http://www.auscert.org.au/5509"
            },
            {
              "name": "APPLE-SA-2005-09-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html"
            },
            {
              "name": "16920",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16920/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2005-1992",
        "datePublished": "2005-06-20T04:00:00.000Z",
        "dateReserved": "2005-06-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:06:57.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0983 (GCVE-0-2004-0983)

    Vulnerability from nvd – Published: 2004-11-19 05:00 – Updated: 2024-08-08 00:38
    Summary
    The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.redhat.com/support/errata/RHSA-2004-635.html vendor-advisory, x_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRAKE
    http://www.securityfocus.com/bid/11618 vdb-entry, x_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    https://usn.ubuntu.com/20-1/ vendor-advisory, x_refsource_UBUNTU
    http://www.debian.org/security/2004/dsa-586 vendor-advisory, x_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    Date Public
    2004-11-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:38:59.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2004:635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-635.html"
              },
              {
                "name": "MDKSA-2004:128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
              },
              {
                "name": "11618",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11618"
              },
              {
                "name": "oval:org.mitre.oval:def:10268",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268"
              },
              {
                "name": "USN-20-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/20-1/"
              },
              {
                "name": "DSA-586",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-586"
              },
              {
                "name": "ruby-cgi-dos(17985)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2004:635",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-635.html"
            },
            {
              "name": "MDKSA-2004:128",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
            },
            {
              "name": "11618",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11618"
            },
            {
              "name": "oval:org.mitre.oval:def:10268",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268"
            },
            {
              "name": "USN-20-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/20-1/"
            },
            {
              "name": "DSA-586",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-586"
            },
            {
              "name": "ruby-cgi-dos(17985)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0983",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2004:635",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-635.html"
                },
                {
                  "name": "MDKSA-2004:128",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
                },
                {
                  "name": "11618",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11618"
                },
                {
                  "name": "oval:org.mitre.oval:def:10268",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268"
                },
                {
                  "name": "USN-20-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/20-1/"
                },
                {
                  "name": "DSA-586",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-586"
                },
                {
                  "name": "ruby-cgi-dos(17985)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0983",
        "datePublished": "2004-11-19T05:00:00.000Z",
        "dateReserved": "2004-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:38:59.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0755 (GCVE-0-2004-0755)

    Vulnerability from nvd – Published: 2004-08-19 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://www.debian.org/security/2004/dsa-537 vendor-advisory, x_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRAKE
    http://www.gentoo.org/security/en/glsa/glsa-20040… vendor-advisory, x_refsource_GENTOO
    http://secunia.com/advisories/12290/ third-party-advisory, x_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    Date Public
    2004-08-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:46.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:11128",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128"
              },
              {
                "name": "DSA-537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-537"
              },
              {
                "name": "MDKSA-2004:128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
              },
              {
                "name": "GLSA-200409-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml"
              },
              {
                "name": "12290",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12290/"
              },
              {
                "name": "ruby-filestore-pstore-insecure-permission(16996)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16996"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:11128",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128"
            },
            {
              "name": "DSA-537",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-537"
            },
            {
              "name": "MDKSA-2004:128",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
            },
            {
              "name": "GLSA-200409-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml"
            },
            {
              "name": "12290",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12290/"
            },
            {
              "name": "ruby-filestore-pstore-insecure-permission(16996)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16996"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0755",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:11128",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128"
                },
                {
                  "name": "DSA-537",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-537"
                },
                {
                  "name": "MDKSA-2004:128",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
                },
                {
                  "name": "GLSA-200409-08",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml"
                },
                {
                  "name": "12290",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12290/"
                },
                {
                  "name": "ruby-filestore-pstore-insecure-permission(16996)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16996"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0755",
        "datePublished": "2004-08-19T04:00:00.000Z",
        "dateReserved": "2004-07-28T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:46.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6303 (GCVE-0-2006-6303)

    Vulnerability from cvelistv5 – Published: 2006-12-06 19:00 – Updated: 2024-08-07 20:19
    VLAI
    Summary
    The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://docs.info.apple.com/article.html?artnum=305530 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/usn-394-1 vendor-advisory, x_refsource_UBUNTU
    http://secunia.com/advisories/31090 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/27576 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1939 vdb-entry, x_refsource_VUPEN
    http://jvn.jp/jp/JVN%2384798830/index.html third-party-advisory, x_refsource_JVN
    http://secunia.com/advisories/23268 third-party-advisory, x_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://bugzilla.redhat.com/bugzilla/show_bug.cgi?… x_refsource_MISC
    http://www.ruby-lang.org/en/news/2006/12/04/anoth… x_refsource_CONFIRM
    http://secunia.com/advisories/25402 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/23165 third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-09… vendor-advisory, x_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://securitytracker.com/id?1017363 vdb-entry, x_refsource_SECTRACK
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://bugs.gentoo.org/show_bug.cgi?id=157048 x_refsource_MISC
    http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/… x_refsource_MISC
    http://www.vupen.com/english/advisories/2006/4855 vdb-entry, x_refsource_VUPEN
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://security.gentoo.org/glsa/glsa-200612-21.xml vendor-advisory, x_refsource_GENTOO
    http://secunia.com/advisories/23454 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/21441 vdb-entry, x_refsource_BID
    Date Public
    2006-12-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:19:35.192Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=305530"
              },
              {
                "name": "USN-394-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-394-1"
              },
              {
                "name": "31090",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31090"
              },
              {
                "name": "27576",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27576"
              },
              {
                "name": "ADV-2007-1939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1939"
              },
              {
                "name": "JVN#84798830",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/jp/JVN%2384798830/index.html"
              },
              {
                "name": "23268",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23268"
              },
              {
                "name": "APPLE-SA-2007-05-24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/"
              },
              {
                "name": "25402",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25402"
              },
              {
                "name": "23165",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23165"
              },
              {
                "name": "RHSA-2007:0961",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0961.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10529",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529"
              },
              {
                "name": "ruby-cgi-library-dos(30734)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30734"
              },
              {
                "name": "1017363",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017363"
              },
              {
                "name": "SUSE-SR:2007:004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=157048"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h\u0026only_with_tag=MAIN\u0026r1=text\u0026tr1=1.92\u0026r2=text\u0026tr2=1.91"
              },
              {
                "name": "ADV-2006-4855",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4855"
              },
              {
                "name": "MDKSA-2006:225",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:225"
              },
              {
                "name": "GLSA-200612-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200612-21.xml"
              },
              {
                "name": "23454",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23454"
              },
              {
                "name": "21441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=305530"
            },
            {
              "name": "USN-394-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-394-1"
            },
            {
              "name": "31090",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31090"
            },
            {
              "name": "27576",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27576"
            },
            {
              "name": "ADV-2007-1939",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1939"
            },
            {
              "name": "JVN#84798830",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/jp/JVN%2384798830/index.html"
            },
            {
              "name": "23268",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23268"
            },
            {
              "name": "APPLE-SA-2007-05-24",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/"
            },
            {
              "name": "25402",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25402"
            },
            {
              "name": "23165",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23165"
            },
            {
              "name": "RHSA-2007:0961",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0961.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10529",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529"
            },
            {
              "name": "ruby-cgi-library-dos(30734)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30734"
            },
            {
              "name": "1017363",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017363"
            },
            {
              "name": "SUSE-SR:2007:004",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=157048"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h\u0026only_with_tag=MAIN\u0026r1=text\u0026tr1=1.92\u0026r2=text\u0026tr2=1.91"
            },
            {
              "name": "ADV-2006-4855",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4855"
            },
            {
              "name": "MDKSA-2006:225",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:225"
            },
            {
              "name": "GLSA-200612-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200612-21.xml"
            },
            {
              "name": "23454",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23454"
            },
            {
              "name": "21441",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6303",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=305530",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=305530"
                },
                {
                  "name": "USN-394-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-394-1"
                },
                {
                  "name": "31090",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31090"
                },
                {
                  "name": "27576",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27576"
                },
                {
                  "name": "ADV-2007-1939",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1939"
                },
                {
                  "name": "JVN#84798830",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/jp/JVN%2384798830/index.html"
                },
                {
                  "name": "23268",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23268"
                },
                {
                  "name": "APPLE-SA-2007-05-24",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
                },
                {
                  "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287",
                  "refsource": "MISC",
                  "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287"
                },
                {
                  "name": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/",
                  "refsource": "CONFIRM",
                  "url": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/"
                },
                {
                  "name": "25402",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25402"
                },
                {
                  "name": "23165",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23165"
                },
                {
                  "name": "RHSA-2007:0961",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0961.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10529",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529"
                },
                {
                  "name": "ruby-cgi-library-dos(30734)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30734"
                },
                {
                  "name": "1017363",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017363"
                },
                {
                  "name": "SUSE-SR:2007:004",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=157048",
                  "refsource": "MISC",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=157048"
                },
                {
                  "name": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h\u0026only_with_tag=MAIN\u0026r1=text\u0026tr1=1.92\u0026r2=text\u0026tr2=1.91",
                  "refsource": "MISC",
                  "url": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h\u0026only_with_tag=MAIN\u0026r1=text\u0026tr1=1.92\u0026r2=text\u0026tr2=1.91"
                },
                {
                  "name": "ADV-2006-4855",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4855"
                },
                {
                  "name": "MDKSA-2006:225",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:225"
                },
                {
                  "name": "GLSA-200612-21",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200612-21.xml"
                },
                {
                  "name": "23454",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23454"
                },
                {
                  "name": "21441",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6303",
        "datePublished": "2006-12-06T19:00:00.000Z",
        "dateReserved": "2006-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:19:35.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5467 (GCVE-0-2006-5467)

    Vulnerability from cvelistv5 – Published: 2006-10-27 18:00 – Updated: 2024-08-07 19:48
    VLAI
    Summary
    The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200611-12.xml vendor-advisory, x_refsource_GENTOO
    http://docs.info.apple.com/article.html?artnum=305530 x_refsource_CONFIRM
    http://secunia.com/advisories/22932 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1939 vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/23344 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/22615 third-party-advisory, x_refsource_SECUNIA
    http://www.openpkg.org/security/advisories/OpenPK… vendor-advisory, x_refsource_OPENPKG
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://secunia.com/advisories/22761 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/25402 third-party-advisory, x_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/23040 third-party-advisory, x_refsource_SECUNIA
    http://rubyforge.org/pipermail/mongrel-users/2006… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/20777 vdb-entry, x_refsource_BID
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://securitytracker.com/id?1017194 vdb-entry, x_refsource_SECTRACK
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisory, x_refsource_SGI
    http://www.debian.org/security/2006/dsa-1235 vendor-advisory, x_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-371-1 vendor-advisory, x_refsource_UBUNTU
    http://www.vupen.com/english/advisories/2006/4244 vdb-entry, x_refsource_VUPEN
    http://www.redhat.com/support/errata/RHSA-2006-07… vendor-advisory, x_refsource_REDHAT
    http://www.debian.org/security/2006/dsa-1234 vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/22929 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/4245 vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/22624 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2006-10-25 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:30.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200611-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200611-12.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=305530"
              },
              {
                "name": "22932",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22932"
              },
              {
                "name": "ADV-2007-1939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1939"
              },
              {
                "name": "23344",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23344"
              },
              {
                "name": "22615",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22615"
              },
              {
                "name": "OpenPKG-SA-2006.030",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENPKG",
                  "x_transferred"
                ],
                "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html"
              },
              {
                "name": "APPLE-SA-2007-05-24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10185",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185"
              },
              {
                "name": "22761",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22761"
              },
              {
                "name": "25402",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25402"
              },
              {
                "name": "SUSE-SR:2006:026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
              },
              {
                "name": "23040",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23040"
              },
              {
                "name": "[mongrel-users] 20061025 [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html"
              },
              {
                "name": "20777",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20777"
              },
              {
                "name": "MDKSA-2006:192",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:192"
              },
              {
                "name": "1017194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017194"
              },
              {
                "name": "20061101-01-P",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
              },
              {
                "name": "DSA-1235",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1235"
              },
              {
                "name": "USN-371-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-371-1"
              },
              {
                "name": "ADV-2006-4244",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4244"
              },
              {
                "name": "RHSA-2006:0729",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2006-0729.html"
              },
              {
                "name": "DSA-1234",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1234"
              },
              {
                "name": "22929",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22929"
              },
              {
                "name": "ADV-2006-4245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4245"
              },
              {
                "name": "22624",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22624"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a \"-\" instead of \"--\" and contains an inconsistent ID."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "GLSA-200611-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200611-12.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=305530"
            },
            {
              "name": "22932",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22932"
            },
            {
              "name": "ADV-2007-1939",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1939"
            },
            {
              "name": "23344",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23344"
            },
            {
              "name": "22615",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22615"
            },
            {
              "name": "OpenPKG-SA-2006.030",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENPKG"
              ],
              "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html"
            },
            {
              "name": "APPLE-SA-2007-05-24",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10185",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185"
            },
            {
              "name": "22761",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22761"
            },
            {
              "name": "25402",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25402"
            },
            {
              "name": "SUSE-SR:2006:026",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
            },
            {
              "name": "23040",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23040"
            },
            {
              "name": "[mongrel-users] 20061025 [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html"
            },
            {
              "name": "20777",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20777"
            },
            {
              "name": "MDKSA-2006:192",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:192"
            },
            {
              "name": "1017194",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017194"
            },
            {
              "name": "20061101-01-P",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
            },
            {
              "name": "DSA-1235",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1235"
            },
            {
              "name": "USN-371-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-371-1"
            },
            {
              "name": "ADV-2006-4244",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4244"
            },
            {
              "name": "RHSA-2006:0729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0729.html"
            },
            {
              "name": "DSA-1234",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1234"
            },
            {
              "name": "22929",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22929"
            },
            {
              "name": "ADV-2006-4245",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4245"
            },
            {
              "name": "22624",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22624"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-5467",
        "datePublished": "2006-10-27T18:00:00.000Z",
        "dateReserved": "2006-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:30.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3694 (GCVE-0-2006-3694)

    Vulnerability from cvelistv5 – Published: 2006-07-19 01:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisory, x_refsource_SGI
    http://www.securityfocus.com/bid/18944 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/21657 third-party-advisory, x_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://secunia.com/advisories/21749 third-party-advisory, x_refsource_SECUNIA
    http://jvn.jp/jp/JVN%2313947696/index.html third-party-advisory, x_refsource_JVN
    http://secunia.com/advisories/21009 third-party-advisory, x_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://secunia.com/advisories/21598 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/21233 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2760 vdb-entry, x_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.osvdb.org/27144 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/27145 vdb-entry, x_refsource_OSVDB
    http://www.ubuntu.com/usn/usn-325-1 vendor-advisory, x_refsource_UBUNTU
    http://www.debian.org/security/2006/dsa-1157 vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/21337 third-party-advisory, x_refsource_SECUNIA
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-list, x_refsource_MLIST
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/21272 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/21236 third-party-advisory, x_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1139 vendor-advisory, x_refsource_DEBIAN
    http://www.redhat.com/support/errata/RHSA-2006-06… vendor-advisory, x_refsource_REDHAT
    http://jvn.jp/jp/JVN%2383768862/index.html third-party-advisory, x_refsource_JVN
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-list, x_refsource_MLIST
    Date Public
    2006-07-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:53.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060801-01-P",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
              },
              {
                "name": "18944",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18944"
              },
              {
                "name": "21657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21657"
              },
              {
                "name": "oval:org.mitre.oval:def:9983",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983"
              },
              {
                "name": "21749",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21749"
              },
              {
                "name": "JVN#13947696",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/jp/JVN%2313947696/index.html"
              },
              {
                "name": "21009",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21009"
              },
              {
                "name": "MDKSA-2006:134",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:134"
              },
              {
                "name": "21598",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21598"
              },
              {
                "name": "21233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21233"
              },
              {
                "name": "ADV-2006-2760",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2760"
              },
              {
                "name": "ruby-alias-directory-security-bypass(27725)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27725"
              },
              {
                "name": "27144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/27144"
              },
              {
                "name": "27145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/27145"
              },
              {
                "name": "USN-325-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-325-1"
              },
              {
                "name": "DSA-1157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1157"
              },
              {
                "name": "21337",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21337"
              },
              {
                "name": "[freebsd-security] 20060728 Ruby vulnerability?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html"
              },
              {
                "name": "SUSE-SR:2006:021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
              },
              {
                "name": "21272",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21272"
              },
              {
                "name": "21236",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21236"
              },
              {
                "name": "DSA-1139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1139"
              },
              {
                "name": "RHSA-2006:0604",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2006-0604.html"
              },
              {
                "name": "JVN#83768862",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/jp/JVN%2383768862/index.html"
              },
              {
                "name": "[freebsd-security] 20060730 Ruby vulnerability?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass \"safe level\" checks via unspecified vectors involving (1) the alias function and (2) \"directory operations\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060801-01-P",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
            },
            {
              "name": "18944",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18944"
            },
            {
              "name": "21657",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21657"
            },
            {
              "name": "oval:org.mitre.oval:def:9983",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983"
            },
            {
              "name": "21749",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21749"
            },
            {
              "name": "JVN#13947696",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/jp/JVN%2313947696/index.html"
            },
            {
              "name": "21009",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21009"
            },
            {
              "name": "MDKSA-2006:134",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:134"
            },
            {
              "name": "21598",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21598"
            },
            {
              "name": "21233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21233"
            },
            {
              "name": "ADV-2006-2760",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2760"
            },
            {
              "name": "ruby-alias-directory-security-bypass(27725)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27725"
            },
            {
              "name": "27144",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/27144"
            },
            {
              "name": "27145",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/27145"
            },
            {
              "name": "USN-325-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-325-1"
            },
            {
              "name": "DSA-1157",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1157"
            },
            {
              "name": "21337",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21337"
            },
            {
              "name": "[freebsd-security] 20060728 Ruby vulnerability?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html"
            },
            {
              "name": "SUSE-SR:2006:021",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
            },
            {
              "name": "21272",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21272"
            },
            {
              "name": "21236",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21236"
            },
            {
              "name": "DSA-1139",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1139"
            },
            {
              "name": "RHSA-2006:0604",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0604.html"
            },
            {
              "name": "JVN#83768862",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/jp/JVN%2383768862/index.html"
            },
            {
              "name": "[freebsd-security] 20060730 Ruby vulnerability?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3694",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass \"safe level\" checks via unspecified vectors involving (1) the alias function and (2) \"directory operations\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060801-01-P",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
                },
                {
                  "name": "18944",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18944"
                },
                {
                  "name": "21657",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21657"
                },
                {
                  "name": "oval:org.mitre.oval:def:9983",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983"
                },
                {
                  "name": "21749",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21749"
                },
                {
                  "name": "JVN#13947696",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/jp/JVN%2313947696/index.html"
                },
                {
                  "name": "21009",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21009"
                },
                {
                  "name": "MDKSA-2006:134",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:134"
                },
                {
                  "name": "21598",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21598"
                },
                {
                  "name": "21233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21233"
                },
                {
                  "name": "ADV-2006-2760",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2760"
                },
                {
                  "name": "ruby-alias-directory-security-bypass(27725)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27725"
                },
                {
                  "name": "27144",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/27144"
                },
                {
                  "name": "27145",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/27145"
                },
                {
                  "name": "USN-325-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-325-1"
                },
                {
                  "name": "DSA-1157",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1157"
                },
                {
                  "name": "21337",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21337"
                },
                {
                  "name": "[freebsd-security] 20060728 Ruby vulnerability?",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html"
                },
                {
                  "name": "SUSE-SR:2006:021",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
                },
                {
                  "name": "21272",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21272"
                },
                {
                  "name": "21236",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21236"
                },
                {
                  "name": "DSA-1139",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1139"
                },
                {
                  "name": "RHSA-2006:0604",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2006-0604.html"
                },
                {
                  "name": "JVN#83768862",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/jp/JVN%2383768862/index.html"
                },
                {
                  "name": "[freebsd-security] 20060730 Ruby vulnerability?",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3694",
        "datePublished": "2006-07-19T01:00:00.000Z",
        "dateReserved": "2006-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:53.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1931 (GCVE-0-2006-1931)

    Vulnerability from cvelistv5 – Published: 2006-04-20 21:00 – Updated: 2024-08-07 17:27
    Summary
    The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/19772 third-party-advisory x_refsource_SECUNIA
    http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby… x_refsource_MISC
    http://secunia.com/advisories/21657 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/16904 third-party-advisory x_refsource_SECUNIA
    ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-w… x_refsource_MISC
    https://usn.ubuntu.com/273-1/ vendor-advisory x_refsource_UBUNTU
    http://secunia.com/advisories/20024 third-party-advisory x_refsource_SECUNIA
    http://www.securityfocus.com/bid/17645 vdb-entry x_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entry signature x_refsource_OVAL
    http://www.novell.com/linux/security/advisories/2… vendor-advisory x_refsource_SUSE
    http://www.redhat.com/support/errata/RHSA-2006-04… vendor-advisory x_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry x_refsource_XF
    http://www.gentoo.org/security/en/glsa/glsa-20060… vendor-advisory x_refsource_GENTOO
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    http://securitytracker.com/id?1015978 vdb-entry x_refsource_SECTRACK
    http://www.debian.org/security/2006/dsa-1157 vendor-advisory x_refsource_DEBIAN
    http://secunia.com/advisories/19804 third-party-advisory x_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisory x_refsource_MANDRIVA
    http://secunia.com/advisories/20064 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/20457 third-party-advisory x_refsource_SECUNIA
    http://www.osvdb.org/24972 vdb-entry x_refsource_OSVDB
    ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-x… x_refsource_MISC
    Date Public
    2005-11-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:27:29.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19772"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787"
              },
              {
                "name": "21657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21657"
              },
              {
                "name": "16904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16904"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch"
              },
              {
                "name": "USN-273-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/273-1/"
              },
              {
                "name": "20024",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20024"
              },
              {
                "name": "17645",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17645"
              },
              {
                "name": "oval:org.mitre.oval:def:11100",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11100"
              },
              {
                "name": "SUSE-SR:2006:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"
              },
              {
                "name": "RHSA-2006:0427",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2006-0427.html"
              },
              {
                "name": "ruby-socket-dos(26102)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26102"
              },
              {
                "name": "GLSA-200605-11",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540"
              },
              {
                "name": "1015978",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015978"
              },
              {
                "name": "DSA-1157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1157"
              },
              {
                "name": "19804",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19804"
              },
              {
                "name": "MDKSA-2006:079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:079"
              },
              {
                "name": "20064",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20064"
              },
              {
                "name": "20457",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20457"
              },
              {
                "name": "24972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24972"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "19772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19772"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787"
            },
            {
              "name": "21657",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21657"
            },
            {
              "name": "16904",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16904"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch"
            },
            {
              "name": "USN-273-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/273-1/"
            },
            {
              "name": "20024",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20024"
            },
            {
              "name": "17645",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17645"
            },
            {
              "name": "oval:org.mitre.oval:def:11100",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11100"
            },
            {
              "name": "SUSE-SR:2006:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"
            },
            {
              "name": "RHSA-2006:0427",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0427.html"
            },
            {
              "name": "ruby-socket-dos(26102)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26102"
            },
            {
              "name": "GLSA-200605-11",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540"
            },
            {
              "name": "1015978",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015978"
            },
            {
              "name": "DSA-1157",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1157"
            },
            {
              "name": "19804",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19804"
            },
            {
              "name": "MDKSA-2006:079",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:079"
            },
            {
              "name": "20064",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20064"
            },
            {
              "name": "20457",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20457"
            },
            {
              "name": "24972",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24972"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-1931",
        "datePublished": "2006-04-20T21:00:00.000Z",
        "dateReserved": "2006-04-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:27:29.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2337 (GCVE-0-2005-2337)

    Vulnerability from cvelistv5 – Published: 2005-10-07 04:00 – Updated: 2024-08-07 22:22
    Summary
    Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/17951 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/16904 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/1779 vdb-entry, x_refsource_VUPEN
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://www.us-cert.gov/cas/techalerts/TA06-132A.html third-party-advisory, x_refsource_CERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://jvn.jp/jp/JVN%2362914675/index.html x_refsource_MISC
    http://www.debian.org/security/2005/dsa-860 vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/17098 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/17285 third-party-advisory, x_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/160012 third-party-advisory, x_refsource_CERT-VN
    http://securityreason.com/securityalert/59 third-party-advisory, x_refsource_SREASON
    http://www.debian.org/security/2005/dsa-864 vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/17147 third-party-advisory, x_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://secunia.com/advisories/19130 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/14909 vdb-entry, x_refsource_BID
    http://www.securitytracker.com/alerts/2005/Sep/10… vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/17129 third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-799.html vendor-advisory, x_refsource_REDHAT
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisory, x_refsource_GENTOO
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://secunia.com/advisories/20077 third-party-advisory, x_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-195-1 vendor-advisory, x_refsource_UBUNTU
    http://www.ruby-lang.org/en/20051003.html x_refsource_CONFIRM
    http://secunia.com/advisories/17094 third-party-advisory, x_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-862 vendor-advisory, x_refsource_DEBIAN
    Date Public
    2005-09-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:22:48.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17951",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17951"
              },
              {
                "name": "16904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16904"
              },
              {
                "name": "ADV-2006-1779",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1779"
              },
              {
                "name": "oval:org.mitre.oval:def:10564",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564"
              },
              {
                "name": "SUSE-SR:2006:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
              },
              {
                "name": "TA06-132A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
              },
              {
                "name": "ruby-eval-security-bypass(22360)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22360"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/jp/JVN%2362914675/index.html"
              },
              {
                "name": "DSA-860",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-860"
              },
              {
                "name": "17098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17098"
              },
              {
                "name": "17285",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17285"
              },
              {
                "name": "VU#160012",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/160012"
              },
              {
                "name": "59",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/59"
              },
              {
                "name": "DSA-864",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-864"
              },
              {
                "name": "17147",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17147"
              },
              {
                "name": "APPLE-SA-2006-05-11",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
              },
              {
                "name": "19130",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19130"
              },
              {
                "name": "14909",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14909"
              },
              {
                "name": "1014948",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/alerts/2005/Sep/1014948.html"
              },
              {
                "name": "17129",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17129"
              },
              {
                "name": "RHSA-2005:799",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-799.html"
              },
              {
                "name": "GLSA-200510-05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml"
              },
              {
                "name": "MDKSA-2005:191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:191"
              },
              {
                "name": "20077",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20077"
              },
              {
                "name": "USN-195-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-195-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ruby-lang.org/en/20051003.html"
              },
              {
                "name": "17094",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17094"
              },
              {
                "name": "DSA-862",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-862"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "17951",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17951"
            },
            {
              "name": "16904",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16904"
            },
            {
              "name": "ADV-2006-1779",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1779"
            },
            {
              "name": "oval:org.mitre.oval:def:10564",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564"
            },
            {
              "name": "SUSE-SR:2006:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
            },
            {
              "name": "TA06-132A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
            },
            {
              "name": "ruby-eval-security-bypass(22360)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22360"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/jp/JVN%2362914675/index.html"
            },
            {
              "name": "DSA-860",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-860"
            },
            {
              "name": "17098",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17098"
            },
            {
              "name": "17285",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17285"
            },
            {
              "name": "VU#160012",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/160012"
            },
            {
              "name": "59",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/59"
            },
            {
              "name": "DSA-864",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-864"
            },
            {
              "name": "17147",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17147"
            },
            {
              "name": "APPLE-SA-2006-05-11",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
            },
            {
              "name": "19130",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19130"
            },
            {
              "name": "14909",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14909"
            },
            {
              "name": "1014948",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/alerts/2005/Sep/1014948.html"
            },
            {
              "name": "17129",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17129"
            },
            {
              "name": "RHSA-2005:799",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-799.html"
            },
            {
              "name": "GLSA-200510-05",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml"
            },
            {
              "name": "MDKSA-2005:191",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:191"
            },
            {
              "name": "20077",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20077"
            },
            {
              "name": "USN-195-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-195-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ruby-lang.org/en/20051003.html"
            },
            {
              "name": "17094",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17094"
            },
            {
              "name": "DSA-862",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-862"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2005-2337",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17951",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17951"
                },
                {
                  "name": "16904",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16904"
                },
                {
                  "name": "ADV-2006-1779",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1779"
                },
                {
                  "name": "oval:org.mitre.oval:def:10564",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564"
                },
                {
                  "name": "SUSE-SR:2006:005",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
                },
                {
                  "name": "TA06-132A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
                },
                {
                  "name": "ruby-eval-security-bypass(22360)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22360"
                },
                {
                  "name": "http://jvn.jp/jp/JVN%2362914675/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/jp/JVN%2362914675/index.html"
                },
                {
                  "name": "DSA-860",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-860"
                },
                {
                  "name": "17098",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17098"
                },
                {
                  "name": "17285",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17285"
                },
                {
                  "name": "VU#160012",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/160012"
                },
                {
                  "name": "59",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/59"
                },
                {
                  "name": "DSA-864",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-864"
                },
                {
                  "name": "17147",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17147"
                },
                {
                  "name": "APPLE-SA-2006-05-11",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
                },
                {
                  "name": "19130",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19130"
                },
                {
                  "name": "14909",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14909"
                },
                {
                  "name": "1014948",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/alerts/2005/Sep/1014948.html"
                },
                {
                  "name": "17129",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17129"
                },
                {
                  "name": "RHSA-2005:799",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-799.html"
                },
                {
                  "name": "GLSA-200510-05",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml"
                },
                {
                  "name": "MDKSA-2005:191",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:191"
                },
                {
                  "name": "20077",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20077"
                },
                {
                  "name": "USN-195-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-195-1"
                },
                {
                  "name": "http://www.ruby-lang.org/en/20051003.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.ruby-lang.org/en/20051003.html"
                },
                {
                  "name": "17094",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17094"
                },
                {
                  "name": "DSA-862",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-862"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2005-2337",
        "datePublished": "2005-10-07T04:00:00.000Z",
        "dateReserved": "2005-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:22:48.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1992 (GCVE-0-2005-1992)

    Vulnerability from cvelistv5 – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:06
    Summary
    The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2005/dsa-748 vendor-advisory, x_refsource_DEBIAN
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/684913 third-party-advisory, x_refsource_CERT-VN
    http://www.redhat.com/support/errata/RHSA-2005-543.html vendor-advisory, x_refsource_REDHAT
    http://www.ciac.org/ciac/bulletins/p-312.shtml third-party-advisory, government-resource, x_refsource_CIAC
    http://www.securityfocus.com/bid/14016 vdb-entry, x_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://www2.ruby-lang.org/en/20050701.html x_refsource_CONFIRM
    http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby… x_refsource_CONFIRM
    http://www.auscert.org.au/5509 third-party-advisory, x_refsource_AUSCERT
    http://lists.apple.com/archives/security-announce… vendor-advisory, x_refsource_APPLE
    http://secunia.com/advisories/16920/ third-party-advisory, x_refsource_SECUNIA
    Date Public
    2005-06-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:06:57.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-748",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-748"
              },
              {
                "name": "SUSE-SR:2005:018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064"
              },
              {
                "name": "VU#684913",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/684913"
              },
              {
                "name": "RHSA-2005:543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-543.html"
              },
              {
                "name": "P-312",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-312.shtml"
              },
              {
                "name": "14016",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14016"
              },
              {
                "name": "oval:org.mitre.oval:def:10819",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www2.ruby-lang.org/en/20050701.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237"
              },
              {
                "name": "ESB-2005.0732",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_AUSCERT",
                  "x_transferred"
                ],
                "url": "http://www.auscert.org.au/5509"
              },
              {
                "name": "APPLE-SA-2005-09-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html"
              },
              {
                "name": "16920",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16920/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents \"security protection\" using handlers, which allows remote attackers to execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "DSA-748",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-748"
            },
            {
              "name": "SUSE-SR:2005:018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064"
            },
            {
              "name": "VU#684913",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/684913"
            },
            {
              "name": "RHSA-2005:543",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-543.html"
            },
            {
              "name": "P-312",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-312.shtml"
            },
            {
              "name": "14016",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14016"
            },
            {
              "name": "oval:org.mitre.oval:def:10819",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www2.ruby-lang.org/en/20050701.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237"
            },
            {
              "name": "ESB-2005.0732",
              "tags": [
                "third-party-advisory",
                "x_refsource_AUSCERT"
              ],
              "url": "http://www.auscert.org.au/5509"
            },
            {
              "name": "APPLE-SA-2005-09-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html"
            },
            {
              "name": "16920",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16920/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2005-1992",
        "datePublished": "2005-06-20T04:00:00.000Z",
        "dateReserved": "2005-06-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:06:57.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0983 (GCVE-0-2004-0983)

    Vulnerability from cvelistv5 – Published: 2004-11-19 05:00 – Updated: 2024-08-08 00:38
    VLAI
    Summary
    The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.redhat.com/support/errata/RHSA-2004-635.html vendor-advisory, x_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRAKE
    http://www.securityfocus.com/bid/11618 vdb-entry, x_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    https://usn.ubuntu.com/20-1/ vendor-advisory, x_refsource_UBUNTU
    http://www.debian.org/security/2004/dsa-586 vendor-advisory, x_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    Date Public
    2004-11-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:38:59.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2004:635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-635.html"
              },
              {
                "name": "MDKSA-2004:128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
              },
              {
                "name": "11618",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11618"
              },
              {
                "name": "oval:org.mitre.oval:def:10268",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268"
              },
              {
                "name": "USN-20-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/20-1/"
              },
              {
                "name": "DSA-586",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-586"
              },
              {
                "name": "ruby-cgi-dos(17985)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2004:635",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-635.html"
            },
            {
              "name": "MDKSA-2004:128",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
            },
            {
              "name": "11618",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11618"
            },
            {
              "name": "oval:org.mitre.oval:def:10268",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268"
            },
            {
              "name": "USN-20-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/20-1/"
            },
            {
              "name": "DSA-586",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-586"
            },
            {
              "name": "ruby-cgi-dos(17985)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0983",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2004:635",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-635.html"
                },
                {
                  "name": "MDKSA-2004:128",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
                },
                {
                  "name": "11618",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11618"
                },
                {
                  "name": "oval:org.mitre.oval:def:10268",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268"
                },
                {
                  "name": "USN-20-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/20-1/"
                },
                {
                  "name": "DSA-586",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-586"
                },
                {
                  "name": "ruby-cgi-dos(17985)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0983",
        "datePublished": "2004-11-19T05:00:00.000Z",
        "dateReserved": "2004-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:38:59.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0755 (GCVE-0-2004-0755)

    Vulnerability from cvelistv5 – Published: 2004-08-19 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://www.debian.org/security/2004/dsa-537 vendor-advisory, x_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRAKE
    http://www.gentoo.org/security/en/glsa/glsa-20040… vendor-advisory, x_refsource_GENTOO
    http://secunia.com/advisories/12290/ third-party-advisory, x_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    Date Public
    2004-08-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:46.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:11128",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128"
              },
              {
                "name": "DSA-537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-537"
              },
              {
                "name": "MDKSA-2004:128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
              },
              {
                "name": "GLSA-200409-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml"
              },
              {
                "name": "12290",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12290/"
              },
              {
                "name": "ruby-filestore-pstore-insecure-permission(16996)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16996"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:11128",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128"
            },
            {
              "name": "DSA-537",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-537"
            },
            {
              "name": "MDKSA-2004:128",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
            },
            {
              "name": "GLSA-200409-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml"
            },
            {
              "name": "12290",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12290/"
            },
            {
              "name": "ruby-filestore-pstore-insecure-permission(16996)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16996"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0755",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:11128",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128"
                },
                {
                  "name": "DSA-537",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-537"
                },
                {
                  "name": "MDKSA-2004:128",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
                },
                {
                  "name": "GLSA-200409-08",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml"
                },
                {
                  "name": "12290",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12290/"
                },
                {
                  "name": "ruby-filestore-pstore-insecure-permission(16996)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16996"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0755",
        "datePublished": "2004-08-19T04:00:00.000Z",
        "dateReserved": "2004-07-28T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:46.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }