CVE-2008-3657 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
ruby-lang	ruby	𝑥 ≤ 1.8.5
ruby-lang	ruby	1.6.8
ruby-lang	ruby	1.8.0
ruby-lang	ruby	1.8.1
ruby-lang	ruby	1.8.1:-9
ruby-lang	ruby	1.8.2
ruby-lang	ruby	1.8.2:preview2
ruby-lang	ruby	1.8.2:preview3
ruby-lang	ruby	1.8.2:preview4
ruby-lang	ruby	1.8.3
ruby-lang	ruby	1.8.3:preview1
ruby-lang	ruby	1.8.3:preview2
ruby-lang	ruby	1.8.3:preview3
ruby-lang	ruby	1.8.4
ruby-lang	ruby	1.8.4:preview1
ruby-lang	ruby	1.8.4:preview2
ruby-lang	ruby	1.8.4:preview3
ruby-lang	ruby	1.8.5:p11
ruby-lang	ruby	1.8.5:p113
ruby-lang	ruby	1.8.5:p115
ruby-lang	ruby	1.8.5:p12
ruby-lang	ruby	1.8.5:p2
ruby-lang	ruby	1.8.5:p35
ruby-lang	ruby	1.8.5:preview1
ruby-lang	ruby	1.8.5:preview2
ruby-lang	ruby	1.8.5:preview3
ruby-lang	ruby	1.8.5:preview4
ruby-lang	ruby	1.8.5:preview5
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6:p110
ruby-lang	ruby	1.8.6:p114
ruby-lang	ruby	1.8.6:preview1
ruby-lang	ruby	1.8.6:preview2
ruby-lang	ruby	1.8.6:preview3
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7:p17
ruby-lang	ruby	1.8.7:p22
ruby-lang	ruby	1.8.7:p71
ruby-lang	ruby	1.8.7:preview1
ruby-lang	ruby	1.8.7:preview2
ruby-lang	ruby	1.8.7:preview3
ruby-lang	ruby	1.8.7:preview4
ruby-lang	ruby	1.9.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ruby1.8

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	Fixed 1.8.6.111-2ubuntu1.2 released
gutsy	Fixed 1.8.6.36-1ubuntu3.3 released
feisty	Fixed 1.8.5-4ubuntu2.3 released
dapper	Fixed 1.8.4-1ubuntu1.6 released

ruby1.9

oneiric	dne
natty	dne
maverick	dne
lucid	Fixed 1.9.0.2-7 released
karmic	Fixed 1.9.0.2-7 released
jaunty	Fixed 1.9.0.2-7 released
intrepid	Fixed 1.9.0.2-7 released
hardy	ignored
gutsy	ignored
feisty	ignored
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://secunia.com/advisories/31430

http://secunia.com/advisories/31697

http://secunia.com/advisories/32165

http://secunia.com/advisories/32219

http://secunia.com/advisories/32255

http://secunia.com/advisories/32256

http://secunia.com/advisories/32371

http://secunia.com/advisories/33178

http://secunia.com/advisories/35074

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://support.apple.com/kb/HT3549

http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264

http://www.debian.org/security/2008/dsa-1651

http://www.debian.org/security/2008/dsa-1652

http://www.redhat.com/support/errata/RHSA-2008-0897.html

http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

http://www.securityfocus.com/archive/1/495884/100/0/threaded

http://www.securityfocus.com/bid/30644

http://www.securitytracker.com/id?1020652

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2334

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44372

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793

https://usn.ubuntu.com/651-1/

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://secunia.com/advisories/31430

http://secunia.com/advisories/31697

http://secunia.com/advisories/32165

http://secunia.com/advisories/32219

http://secunia.com/advisories/32255

http://secunia.com/advisories/32256

http://secunia.com/advisories/32371

http://secunia.com/advisories/33178

http://secunia.com/advisories/35074

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://support.apple.com/kb/HT3549

http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264

http://www.debian.org/security/2008/dsa-1651

http://www.debian.org/security/2008/dsa-1652

http://www.redhat.com/support/errata/RHSA-2008-0897.html

http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

http://www.securityfocus.com/archive/1/495884/100/0/threaded

http://www.securityfocus.com/bid/30644

http://www.securitytracker.com/id?1020652

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2334

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44372

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793

https://usn.ubuntu.com/651-1/

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html