Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1931 — Matsumoto Ruby vulnerability

9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

13.2%

top 5.84%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Yukihiro Matsumoto Ruby

Timeline

PublishedApr 20

Latest updateMay 3

Description

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDyukihiro_matsumoto/ruby10 versions+9

Patches

Patch: ftp.ruby-lang.org ↗Patch: blade.nagaokaut.ac.jp ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-j98g-25wq-62h9: The HTTP/XMLRPC server in Ruby before 1↗2022-05-03

▶

CVEList

CVE-2006-1931: The HTTP/XMLRPC server in Ruby before 1↗2006-04-20

▶

💥Exploits & PoCs

Exploit-DB

Yukihiro Matsumoto Ruby 1.x - XMLRPC Server Denial of Service↗2006-04-21

▶

📋Vendor Advisories

Ubuntu

Ruby vulnerability↗2006-04-24

▶

Red Hat

security flaw↗2005-06-30

▶

💬Community

Bugzilla

CVE-2006-1931 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-1931 Ruby http/xmlrpc server DoS↗2006-04-20

▶

Bugzilla

CVE-2006-1931 Ruby http/xmlrpc server DoS↗2006-04-20

▶