CVE-2005-1992 — Matsumoto Ruby vulnerability

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

8.8%

top 7.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yukihiro Matsumoto Ruby

Timeline

PublishedJun 20

Latest updateMay 1

Description

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDyukihiro_matsumoto/ruby1.8

Patches

Patch: blade.nagaokaut.ac.jp ↗Patch: blade.nagaokaut.ac.jp ↗

🔴Vulnerability Details

GHSA

GHSA-vf66-crpm-448h: The XMLRPC server in utils↗2022-05-01

▶

CVEList

CVE-2005-1992: The XMLRPC server in utils↗2005-06-20

▶

📋Vendor Advisories

Ubuntu

Ruby vulnerability↗2005-06-29

▶

Red Hat

security flaw↗2005-06-17

▶

💬Community

Bugzilla

CVE-2005-1992 security flaw↗2018-08-16

▶