SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2011-1005

Date: (C)2011-03-02 (M)2024-04-19

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

APPLE-SA-2012-05-09-1

FEDORA-2011-1876

FEDORA-2011-1913

http://www.openwall.com/lists/oss-security/2011/02/21/2

http://www.openwall.com/lists/oss-security/2011/02/21/5

http://support.apple.com/kb/HT5281

http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/

https://bugzilla.redhat.com/show_bug.cgi?id=678920

cpe:/a:ruby-lang:ruby:1.8.7

oval:org.secpod.oval:def:701016
oval:org.secpod.oval:def:104225
oval:org.secpod.oval:def:201500
oval:org.secpod.oval:def:200526
...

© SecPod Technologies