Vulnerabilities
Vulnerable Software
Yukihiro Matsumoto:  >> Ruby  >> 1.6  Security Vulnerabilities
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
CVSS Score
5.0
EPSS Score
0.14
Published
2006-04-20
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
CVSS Score
7.5
EPSS Score
0.206
Published
2005-10-07
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
CVSS Score
5.0
EPSS Score
0.011
Published
2005-03-01
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
CVSS Score
2.1
EPSS Score
0.001
Published
2004-10-20


Contact Us

Shodan ® - All rights reserved