CVE-2007-5162 – Net: HTTP insufficient verification of SSL certificate
https://notcve.org/view.php?id=CVE-2007-5162
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. El método connect en lib/net/http.rb en las bibliotecas (1) Net::HTTP y (2) Net::HTTPS de Ruby 1.8.5 y 1.8.6 no verifica que el campo commonName (CN) en un certificado de servidor concuerde con el nombre de dominio de una petición HTTPS, lo cual facilita a atacantes remotos interceptar transmisiones SSL mediante un ataque de "hombre en medio" (man-in-the-middle) o sitio web falsificado. • http://secunia.com/advisories/26985 http://secunia.com/advisories/27044 http://secunia.com/advisories/27432 http://secunia.com/advisories/27576 http://secunia.com/advisories/27673 http://secunia.com/advisories/27756 http://secunia.com/advisories/27764 http://secunia.com/advisories/27769 http://secunia.com/advisories/27818 http://secunia.com/advisories/28645 http://secunia.com/advisories/29556 http://securityreason.com/securityalert/3180 http://svn.ruby-lang.org/cgi-bin/vi • CWE-287: Improper Authentication •
CVE-2006-6303 – ruby's cgi.rb vulnerable infinite loop DoS
https://notcve.org/view.php?id=CVE-2006-6303
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. La función read_multipart en cgi.rb de Ruby anterior a 1.8.5-p2 no detecta adecuadamente los límites en contenido MIME multipart, lo cual permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante una petición HTTP artesanal, un asunto diferente que CVE-2006-5467. • http://bugs.gentoo.org/show_bug.cgi?id=157048 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287 http://docs.info.apple.com/article.html?artnum=305530 http://jvn.jp/jp/JVN%2384798830/index.html http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/23165 http://secunia.com/advisories/23268 http://secunia.com/advisories/23454 http://secunia.com/advisories/25402 http://secunia.com/advisories/27576 http://secunia.co • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2006-5467 – Ruby CGI multipart parsing DoS
https://notcve.org/view.php?id=CVE-2006-5467
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. La libreria CGI cgi.rb para Ruby 1.8 permite a un atacante remoto provocar denegación de servicio (bucle infinito y consumo de CPU) a través de una respuesta HTTP con un cuerpo multiparte MIME que contiene un limite especifico no valido, como se demosotro usando una especificaión que comenzaba con un "-" en vez de "--" y contiene un ID inconsistente. • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html http://secunia.com/advisories/22615 http://secunia.com/advisories/22624 http://secunia.com/advisories/22761 http://secunia.com/advisories/22929 http://secunia.com/advisories/22932 http://secunia.com/advisories/23040 http • CWE-399: Resource Management Errors •
CVE-2006-3694
https://notcve.org/view.php?id=CVE-2006-3694
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". Múltiples vulnerabilidades no especificadas en Ruby anterior a 1.8.5 permite a atacantes remotos evitar la validación "nivel de seguro" a través de vectores no especificados afectando a la función (1)alias y (2) "operaciones de directorio". • ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P http://jvn.jp/jp/JVN%2313947696/index.html http://jvn.jp/jp/JVN%2383768862/index.html http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html http://secunia.com/advisories/21009 http://secunia.com/advisories/21233 http://secunia.com/advisories/21236 http://secunia.com/advisories/21272 http://secunia.com/advisories/21 •
CVE-2006-1931 – Yukihiro Matsumoto Ruby 1.x - XMLRPC Server Denial of Service
https://notcve.org/view.php?id=CVE-2006-1931
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. • https://www.exploit-db.com/exploits/27723 ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787 http://secunia.com/advisories/16904 http://secunia.com/advisories/19772 http://secunia.com/advisories/19804 http://secunia.com/advisories/20024 http://secunia.com/advisories/20064 http://secunia.com/advis •