CVE-2004-0755: Matsumoto Ruby vulnerability

7 documents, 6 sources
Severity
2.1 LOW (NVD)
EPSS
0.1%
top 81.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 20
Latest update: Apr 29

Description

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages (1 package)

NVD: yukihiro_matsumoto/ruby 1.6, 1.8 +1

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-59m9-8c72-5426: The FileStore capability in CGI::Session for Ruby before 1 (2022-04-29)
CVEList
CVE-2004-0755: The FileStore capability in CGI::Session for Ruby before 1 (2004-08-19)

💥 Exploits & PoCs

1
Exploit-DB
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (2004-12-08)

📋 Vendor Advisories

1
Red Hat
security flaw (2004-07-22)

💬 Community

1
Bugzilla
CVE-2004-0755 security flaw (2018-08-16)