// For flags

CVE-2005-2337

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-07-21 CVE Reserved
  • 2005-10-07 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (30)
URL Tag Source
http://jvn.jp/jp/JVN%2362914675/index.html X_refsource_misc
http://secunia.com/advisories/17094 Third Party Advisory
http://securityreason.com/securityalert/59 Third Party Advisory
http://www.kb.cert.org/vuls/id/160012 Third Party Advisory
http://www.securityfocus.com/bid/14909 Vdb Entry
http://www.securityfocus.com/bid/17951 Vdb Entry
http://www.securitytracker.com/alerts/2005/Sep/1014948.html Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA06-132A.html Third Party Advisory
http://www.vupen.com/english/advisories/2006/1779 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/22360 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/16904 2017-10-11
http://www.ruby-lang.org/en/20051003.html 2017-10-11
URL Date SRC
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html 2017-10-11
http://secunia.com/advisories/17098 2017-10-11
http://secunia.com/advisories/17129 2017-10-11
http://secunia.com/advisories/17147 2017-10-11
http://secunia.com/advisories/17285 2017-10-11
http://secunia.com/advisories/19130 2017-10-11
http://secunia.com/advisories/20077 2017-10-11
http://www.debian.org/security/2005/dsa-860 2017-10-11
http://www.debian.org/security/2005/dsa-862 2017-10-11
http://www.debian.org/security/2005/dsa-864 2017-10-11
http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2005:191 2017-10-11
http://www.novell.com/linux/security/advisories/2006_05_sr.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2005-799.html 2017-10-11
http://www.ubuntu.com/usn/usn-195-1 2017-10-11
https://access.redhat.com/security/cve/CVE-2005-2337 2005-10-11
https://bugzilla.redhat.com/show_bug.cgi?id=1617706 2005-10-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.6
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.6"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.6.1
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.6.1"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.6.2
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.6.2"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.6.3
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.6.3"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.6.4
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.6.4"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.6.5
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.6.5"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.6.6
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.6.6"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.6.7
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.6.7"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.8
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.8"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.8.1
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.8.1"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.8.2_pre1
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.8.2_pre1"
-
Affected
Yukihiro Matsumoto
Search vendor "Yukihiro Matsumoto"
 Ruby
Search vendor "Yukihiro Matsumoto" for product "Ruby"
 1.8.2_pre2
Search vendor "Yukihiro Matsumoto" for product "Ruby" and version "1.8.2_pre2"
-
Affected