CVE-2005-1992
Published 2005-06-20
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 6.57% (93.0th percentile)
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yukihiro_matsumoto | ruby | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
Ubuntu
Ruby vulnerability
vendor_ubuntu·2005-06-29
CVE-2005-1992 Ruby vulnerability
Title: Ruby vulnerability
Summary: Ruby vulnerability
Nobuhiro IMAI discovered that the changed default value of the
Module#public_instance_methods() method broke the security protection
of XMLRPC server handlers. A remote attacker could exploit this to
execute arbitrary commands on an XMLRPC server.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-06-17·CVSS 7.5
CVE-2005-1992 [HIGH] security flaw
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
GHSA
GHSA-vf66-crpm-448h: The XMLRPC server in utils
ghsa_unreviewed·2022-05-01
CVE-2005-1992 [HIGH] GHSA-vf66-crpm-448h: The XMLRPC server in utils
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
No detection rules found.
No public exploits indexed.
References
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064
http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
http://secunia.com/advisories/16920/
http://www.auscert.org.au/5509
http://www.ciac.org/ciac/bulletins/p-312.shtml
http://www.debian.org/security/2005/dsa-748
http://www.kb.cert.org/vuls/id/684913
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.redhat.com/support/errata/RHSA-2005-543.html
http://www.securityfocus.com/bid/14016
http://www2.ruby-lang.org/en/20050701.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819