CVE-2017-10784
published 2017-09-19CVE-2017-10784: The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal…
PriorityP358high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
16.41%
96.6th percentile
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_high_sierra_10.13.6_security_update_2018-004_sierra_security_update_2018-0 | — | — |
| apple | macos_mojave_10.14.1_security_update_2018-002_high_sierra_security_update_2018-0 | — | — |
| ruby-lang | ruby | <= 2.2.7 | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.2.8-r0 | 2.2.8-r0 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.1CRITICAL
vendor_ubuntu9.1CRITICAL
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
WEBrick RCE Vulnerability
ghsa·2022-05-14
CVE-2017-10784 [HIGH] CWE-287 WEBrick RCE Vulnerability
WEBrick RCE Vulnerability
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
OSV
WEBrick RCE Vulnerability
osv·2022-05-14
CVE-2017-10784 [HIGH] WEBrick RCE Vulnerability
WEBrick RCE Vulnerability
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
OSV
ruby2.0 regression
osv·2021-03-25·CVSS 9.1
CVE-2017-0903 [CRITICAL] ruby2.0 regression
ruby2.0 regression
USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced
a regression in Ruby. This update fixes the problem.
Original advisory details:
Some of these CVE were already addressed in previous
USN: 3439-1, 3553-1, 3528-1. Here we address for
the remain releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls.
OSV
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
osv·2018-06-13·CVSS 9.1
CVE-2017-0898 [CRITICAL] ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
Some of these CVE were already addressed in previous
USN: 3439-1, 3553-1, 3528-1. Here we address for
the remain releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls. (CVE-2017-0902)
It was discovered that Ruby incorrectly handled certain YAML files.
An attacker could use this to possibly execute arb
OSV
ruby1.9.1, ruby2.3 vulnerabilities
osv·2018-01-10·CVSS 8.8
CVE-2017-10784 [HIGH] ruby1.9.1, ruby2.3 vulnerabilities
ruby1.9.1, ruby2.3 vulnerabilities
It was discovered that Ruby incorrectly handled certain terminal emulator
escape sequences. An attacker could use this to execute arbitrary code via
a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.
(CVE-2017-10784)
It was discovered that Ruby incorrectly handled certain strings.
An attacker could use this to cause a denial of service. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14033)
It was discovered that Ruby incorrectly handled some generating JSON.
An attacker could use this to possible expose sensitive information.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.
(CVE-2017-14064)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execu
OSV
ruby1.9.1 vulnerabilities
osv·2017-10-05·CVSS 9.1
CVE-2017-0898 [CRITICAL] ruby1.9.1 vulnerabilities
ruby1.9.1 vulnerabilities
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun.
(CVE-2017-0898)
Yusuke Endoh discovered that Ruby incorrectly handled certain files.
An attacker could use this to execute terminal escape sequences.
(CVE-2017-0899)
Yusuke Endoh discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a denial of service.
(CVE-2017-0900)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execute arbitrary code.
(CVE-2017-10784)
It was discovered that Ruby incorrectly handled certain inp
OSV
CVE-2017-10784: The Basic authentication code in WEBrick library in Ruby before 2
osv·2017-09-19·CVSS 8.8
CVE-2017-10784 [HIGH] CVE-2017-10784: The Basic authentication code in WEBrick library in Ruby before 2
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
Ubuntu
Ruby regression
vendor_ubuntu·2021-03-25·CVSS 9.1
CVE-2017-0903 [CRITICAL] Ruby regression
Title: Ruby regression
Summary: USN-3685-1 introduced a regression in Ruby.
USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced
a regression in Ruby. This update fixes the problem.
Original advisory details:
Some of these CVE were already addressed in previous
USN: 3439-1, 3553-1, 3528-1. Here we address for
the remain releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
Apple
CVE-2017-10784: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra
vendor_apple·2018-10-30·CVSS 8.8
CVE-2017-10784 [HIGH] CVE-2017-10784: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra
Apple Security Update: About the security content of macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra
Product: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra
CVE: CVE-2017-10784
Component: CVE-2017-10784
Apple
CVE-2017-10784: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
vendor_apple·2018-07-09·CVSS 8.8
CVE-2017-10784 [HIGH] CVE-2017-10784: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Apple Security Update: About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Product: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
CVE: CVE-2017-10784
Component: CVE-2017-10784
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2018-06-13·CVSS 9.1
CVE-2017-0898 [CRITICAL] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
Some of these CVE were already addressed in previous
USN: 3439-1, 3553-1, 3528-1. Here we address for
the remain releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls. (CVE-2017-0902)
It was discovered that Ruby incorrectly handled certain YAML files.
An attacker
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2018-01-10·CVSS 8.8
CVE-2017-10784 [HIGH] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain terminal emulator
escape sequences. An attacker could use this to execute arbitrary code via
a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.
(CVE-2017-10784)
It was discovered that Ruby incorrectly handled certain strings.
An attacker could use this to cause a denial of service. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14033)
It was discovered that Ruby incorrectly handled some generating JSON.
An attacker could use this to possible expose sensitive information.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.
(CVE-2017-14064)
It was discovered that Ruby incorrectly handled cert
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2017-10-05·CVSS 9.1
CVE-2017-0898 [CRITICAL] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun.
(CVE-2017-0898)
Yusuke Endoh discovered that Ruby incorrectly handled certain files.
An attacker could use this to execute terminal escape sequences.
(CVE-2017-0899)
Yusuke Endoh discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a denial of service.
(CVE-2017-0900)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execute arbitrary code.
(CVE-2017-10784)
It
Red Hat
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
vendor_redhat·2017-09-14·CVSS 8.8
CVE-2017-10784 [HIGH] CWE-117 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.
Statement: This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having M
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-0898 CVE-2017-10784 CVE-2017-14033 ruby: various flaws [fedora-all]
bugzilla·2017-09-15·CVSS 9.1
CVE-2017-0898 [CRITICAL] CVE-2017-0898 CVE-2017-10784 CVE-2017-14033 ruby: various flaws [fedora-all]
CVE-2017-0898 CVE-2017-10784 CVE-2017-14033 ruby: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions
Bugzilla
CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
bugzilla·2017-09-15·CVSS 8.8
CVE-2017-10784 [HIGH] CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
There is an escape sequence injection vulnerability in the Basic authentication of WEBrick bundled by Ruby. When using the Basic authentication of WEBrick, clients can pass an arbitrary string as the user name. WEBrick outputs the passed user name intact to its log, then an attacker can inject malicious escape sequences to the log and dangerous control characters may be executed on a victim’s terminal emulator.
External References:
https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
Discussion:
Created ruby tracking bugs for this issue:
Affects: fedora-all [bug 1492016]
Created ruby193-ruby tracking bugs for this issue:
Affects:
http://www.securityfocus.com/bid/100853http://www.securitytracker.com/id/1039363http://www.securitytracker.com/id/1042004https://access.redhat.com/errata/RHSA-2017:3485https://access.redhat.com/errata/RHSA-2018:0378https://access.redhat.com/errata/RHSA-2018:0583https://access.redhat.com/errata/RHSA-2018:0585https://lists.debian.org/debian-lts-announce/2018/07/msg00012.htmlhttps://security.gentoo.org/glsa/201710-18https://usn.ubuntu.com/3528-1/https://usn.ubuntu.com/3685-1/https://www.debian.org/security/2017/dsa-4031https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/http://www.securityfocus.com/bid/100853http://www.securitytracker.com/id/1039363http://www.securitytracker.com/id/1042004https://access.redhat.com/errata/RHSA-2017:3485https://access.redhat.com/errata/RHSA-2018:0378https://access.redhat.com/errata/RHSA-2018:0583https://access.redhat.com/errata/RHSA-2018:0585https://lists.debian.org/debian-lts-announce/2018/07/msg00012.htmlhttps://security.gentoo.org/glsa/201710-18https://usn.ubuntu.com/3528-1/https://usn.ubuntu.com/3685-1/https://www.debian.org/security/2017/dsa-4031https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
2017-09-19
Published