CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 1CVE-2008-4310 – Ruby 1.9 - 'WEBrick::HTTP::DefaultFileHandler' Crafted HTTP Request Denial of Service
https://notcve.org/view.php?id=CVE-2008-4310
09 Dec 2008 — httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656. El archivo httputils.rb en WEBrick en Ruby versiones 1.8.1 y 1.8.5, tal y como es usado en versiones 4 y 5 de Red Hat Enterprise Linux, permite a los atacantes remotos causar una denegación de servicio (consumo de CPU) por medio de una petición HT... • https://www.exploit-db.com/exploits/32222 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 1CVE-2008-3905 – ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module
https://notcve.org/view.php?id=CVE-2008-3905
04 Sep 2008 — resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. resolv.rb en Ruby 1.8.5 y versiones anteriores, 1.8.6 versiones anteriores a 1.8.6-p287, 1.8.7 versiones anteriores a 1.8.7-p72, y 1.9 r18423 y versiones anteriores utiliza transacciones secuenciales de IDs y p... • http://secunia.com/advisories/31430 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 5%CPEs: 21EXPL: 2CVE-2008-3790 – Ruby 1.9 - REXML Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3790
27 Aug 2008 — The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion." El módulo REXML en Ruby 1.8.6 hasta la versión 1.8.6-p287, 1.8.7 hasta 1.8.7-p72, y 1.9 permite que atacantes, dependiendo del contexto, provocar una denegación de servicio (agotamiento CPU) a través de un documento XML con entidades anidadas recursivamente, ta... • https://www.exploit-db.com/exploits/32292 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 18%CPEs: 51EXPL: 1CVE-2008-3443 – Ruby 1.9 - regex engine Remote Socket Memory Leak
https://notcve.org/view.php?id=CVE-2008-3443
14 Aug 2008 — The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick. El motor de expresiones regulares (regex.c) en Ruby 1.8.5 y anteriores, 1.8.6 a través de p286-1.8.6, 1.8.7 a través de 1.8.7-p71, y 1.9 a través de r18423 permite a atacan... • https://www.exploit-db.com/exploits/6239 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 53%CPEs: 47EXPL: 4CVE-2008-3655 – Ruby 1.9 - Safe Level Multiple Function Restriction Bypass
https://notcve.org/view.php?id=CVE-2008-3655
13 Aug 2008 — Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. Ruby versiones 1.8.5 y anteriores, versiones 1.8.6 hasta 1.8.6-p286, versiones 1.8.7 hasta 1.8.7-p71, y versiones 1.9... • https://www.exploit-db.com/exploits/32224 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 10%CPEs: 43EXPL: 3CVE-2008-3656 – Ruby 1.9 - 'WEBrick::HTTP::DefaultFileHandler' Crafted HTTP Request Denial of Service
https://notcve.org/view.php?id=CVE-2008-3656
13 Aug 2008 — Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. Una vulnerabilidad de complejidad algorítmica en la función WEBrick::HTTPUtils.split_header_value en WEBric... • https://packetstorm.news/files/id/180518 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 43EXPL: 2CVE-2008-3657 – Ruby 1.9 dl - Module DL.dlopen Arbitrary Library Access
https://notcve.org/view.php?id=CVE-2008-3657
13 Aug 2008 — The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. El módulo dl en Ruby versiones 1.8.5 y anteriores, versiones 1.8.6 hasta 1.8.6-p286, versiones 1.8.7 hasta 1.8.7-p71, y versiones 1.9 a r18423 no comprueba la "taintness" de entradas, lo que permite a los atacantes dependien... • https://www.exploit-db.com/exploits/32223 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-2376 – ruby: integer overflows in rb_ary_fill() / Array#fill
https://notcve.org/view.php?id=CVE-2008-2376
09 Jul 2008 — Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. Desbordamiento de entero en la función rb_ary_fill en array.c en Ruby antes de la revisión 17756 que permite a los atac... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2008-2662 – ruby: Integer overflows in rb_str_buf_append()
https://notcve.org/view.php?id=CVE-2008-2662
24 Jun 2008 — Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE de... • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2008-2663 – ruby: Integer overflows in rb_ary_store()
https://notcve.org/view.php?id=CVE-2008-2663
24 Jun 2008 — Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it ... • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue • CWE-190: Integer Overflow or Wraparound •