CVE-2006-4112

Severity Score

7.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.

Vulnerabilidad no especificada en el "mecanismo de resolución de dependencias" en Ruby on Rails 1.1.0 hasta 1.1.5 permite a un atacante remoto ejecutar código Ruby de su elección a través de una URL que no es manejada correctamente en el código de enrutamiento, lo cual lleva a una denegación de servicio (aplicación colgada) o "perdida de datos", una vulenrabilidad diferente que CVE-2006-4111.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-08-14 CVE Reserved
2006-08-14 CVE Published
2024-08-07 CVE Updated
2025-04-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
http://securitytracker.com/id?1016673	Vdb Entry
http://www.securityfocus.com/archive/1/442934/100/0/threaded	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/28364	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/21424	2019-08-08
http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure	2019-08-08
http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml	2019-08-08
http://www.kb.cert.org/vuls/id/699540	2019-08-08
http://www.securityfocus.com/bid/19454	2019-08-08

URL	Date	SRC
http://secunia.com/advisories/21466	2019-08-08
http://secunia.com/advisories/21749	2019-08-08
http://www.novell.com/linux/security/advisories/2006_21_sr.html	2019-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rubyonrails Search vendor "Rubyonrails"		Rails Search vendor "Rubyonrails" for product "Rails"				1.1.0 Search vendor "Rubyonrails" for product "Rails" and version "1.1.0"		-		Affected
Rubyonrails Search vendor "Rubyonrails"		Rails Search vendor "Rubyonrails" for product "Rails"				1.1.1 Search vendor "Rubyonrails" for product "Rails" and version "1.1.1"		-		Affected
Rubyonrails Search vendor "Rubyonrails"		Rails Search vendor "Rubyonrails" for product "Rails"				1.1.2 Search vendor "Rubyonrails" for product "Rails" and version "1.1.2"		-		Affected
Rubyonrails Search vendor "Rubyonrails"		Rails Search vendor "Rubyonrails" for product "Rails"				1.1.3 Search vendor "Rubyonrails" for product "Rails" and version "1.1.3"		-		Affected
Rubyonrails Search vendor "Rubyonrails"		Rails Search vendor "Rubyonrails" for product "Rails"				1.1.4 Search vendor "Rubyonrails" for product "Rails" and version "1.1.4"		-		Affected