
Related vulnerabilities

GSD-2012-6135

Vulnerability from gsd - Updated: 2012-02-01 00:00
Details
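Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. Once the program has completed the startup process, this vulnerability is no longer exploitable. Note that the sources aggregated in the record below disagree: the ruby-advisory-db entry describes a local attacker (CVSS v2 2.1), while the NVD entry describes remote attackers (CVSS v2 6.4, CVSS v3.1 7.5). The affected and fixed version data also differs between sources (4.0.0 beta1 and beta2 in the NVD CPE entries, ">= 4.0.0" patched per ruby-advisory-db, 4.0.1 fixed per the GitLab advisory), so confirm exposure against the vendor advisory rather than relying on a single field.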
Aliases

{
  "GSD": {
    "alias": "CVE-2012-6135",
    "description": "RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.",
    "id": "GSD-2012-6135",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-6135.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "passenger",
            "purl": "pkg:gem/passenger"
          }
        }
      ],
      "aliases": [
        "CVE-2012-6135",
        "OSVDB-90738"
      ],
      "details": "Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. If the program has completed the start up process this vulnerability is no longer exploitable.",
      "id": "GSD-2012-6135",
      "modified": "2012-02-01T00:00:00.000Z",
      "published": "2012-02-01T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "http://old.blog.phusion.nl/2013/03/05/phusion-passenger-4-0-beta-1-and-2-arbitrary-file-deletion-vulnerability/"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 2.1,
          "type": "CVSS_V2"
        }
      ],
      "summary": "Phusion Passenger Gem for Ruby Arbitrary File Deletion"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-6135",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ruby-passenger",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "4.0.53-1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ruby-passenger"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Other"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/03/02/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/03/02/1"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533"
          },
          {
            "name": "https://security-tracker.debian.org/tracker/CVE-2012-6135",
            "refsource": "MISC",
            "url": "https://security-tracker.debian.org/tracker/CVE-2012-6135"
          },
          {
            "name": "https://www.securityfocus.com/bid/58259",
            "refsource": "MISC",
            "url": "https://www.securityfocus.com/bid/58259"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2012-6135",
      "cvss_v2": 2.1,
      "date": "2012-02-01",
      "description": "Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. If the program has completed the start up process this vulnerability is no longer exploitable.",
      "gem": "passenger",
      "osvdb": 90738,
      "patched_versions": [
        "\u003e= 4.0.0"
      ],
      "title": "Phusion Passenger Gem for Ruby Arbitrary File Deletion",
      "unaffected_versions": [
        "\u003c 4.0.0"
      ],
      "url": "http://old.blog.phusion.nl/2013/03/05/phusion-passenger-4-0-beta-1-and-2-arbitrary-file-deletion-vulnerability/"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "=4.0.0||=1.0",
          "affected_versions": "Version 4.0.0, version 1.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2019-11-21",
          "description": "RubyGems passenger betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.",
          "fixed_versions": [
            "1.0.1",
            "4.0.1"
          ],
          "identifier": "CVE-2012-6135",
          "identifiers": [
            "CVE-2012-6135"
          ],
          "not_impacted": "All versions before 4.0.0, all versions after 4.0.0, all versions before 1.0, all versions after 1.0",
          "package_slug": "gem/passenger",
          "pubdate": "2019-11-19",
          "solution": "Upgrade to versions 1.0.1, 4.0.1 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2012-6135",
            "https://security-tracker.debian.org/tracker/CVE-2012-6135",
            "http://www.openwall.com/lists/oss-security/2013/03/02/1",
            "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135",
            "https://www.securityfocus.com/bid/58259",
            "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533"
          ],
          "uuid": "e925579d-e838-4dd6-9409-977d323882b5"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phusion:passenger:4.0.0:beta1:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phusion:passenger:4.0.0:beta2:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-6135"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2012-6135",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2012-6135"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2013/03/02/1",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/03/02/1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135"
            },
            {
              "name": "58259",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.securityfocus.com/bid/58259"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-11-21T15:42Z",
      "publishedDate": "2019-11-19T17:15Z"
    }
  }
}