RedhatCVE-2005-1992

HistoryJun 20, 2005 - 4:00 a.m.

CVE-2005-1992

2005-06-2004:00:00

redhat

web.nvd.nist.gov

cve-2005-1992

xmlrpc

libruby

remote execution

security protection

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.036

Percentile

91.7%

JSON

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents “security protection” using handlers, which allows remote attackers to execute arbitrary commands.

Affected configurations

Nvd

Node

yukihiro_matsumotorubyMatch1.8

VendorProductVersionCPE
yukihiro_matsumotoruby1.8cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yukihiro_matsumoto	ruby	1.8	cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:::::::*

References

blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237

bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064

lists.apple.com/archives/security-announce/2005/Sep/msg00002.html

secunia.com/advisories/16920/

www.auscert.org.au/5509

www.ciac.org/ciac/bulletins/p-312.shtml

www.debian.org/security/2005/dsa-748

www.kb.cert.org/vuls/id/684913

www.novell.com/linux/security/advisories/2005_18_sr.html

www.redhat.com/support/errata/RHSA-2005-543.html

www.securityfocus.com/bid/14016

www2.ruby-lang.org/en/20050701.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.036

Percentile

91.7%

JSON

Related for CVE-2005-1992