CVE-2008-3790 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6:p110
ruby-lang	ruby	1.8.6:p111
ruby-lang	ruby	1.8.6:p114
ruby-lang	ruby	1.8.6:p230
ruby-lang	ruby	1.8.6:p286
ruby-lang	ruby	1.8.6:p287
ruby-lang	ruby	1.8.6:p36
ruby-lang	ruby	1.8.6:preview1
ruby-lang	ruby	1.8.6:preview2
ruby-lang	ruby	1.8.6:preview3
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7:p17
ruby-lang	ruby	1.8.7:p22
ruby-lang	ruby	1.8.7:p71
ruby-lang	ruby	1.8.7:p72
ruby-lang	ruby	1.8.7:preview1
ruby-lang	ruby	1.8.7:preview2
ruby-lang	ruby	1.8.7:preview3
ruby-lang	ruby	1.8.7:preview4
ruby-lang	ruby	1.9

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ruby1.8

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	Fixed 1.8.6.111-2ubuntu1.2 released
gutsy	Fixed 1.8.6.36-1ubuntu3.3 released
feisty	Fixed 1.8.5-4ubuntu2.3 released
dapper	Fixed 1.8.4-1ubuntu1.6 released

ruby1.9

oneiric	dne
natty	dne
maverick	dne
lucid	Fixed 1.9.0.2-7 released
karmic	Fixed 1.9.0.2-7 released
jaunty	Fixed 1.9.0.2-7 released
intrepid	Fixed 1.9.0.2-7 released
hardy	ignored
gutsy	ignored
feisty	ignored
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://secunia.com/advisories/31602

http://secunia.com/advisories/32165

http://secunia.com/advisories/32219

http://secunia.com/advisories/32255

http://secunia.com/advisories/32256

http://secunia.com/advisories/32371

http://secunia.com/advisories/33178

http://secunia.com/advisories/33185

http://secunia.com/advisories/35074

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://support.apple.com/kb/HT3549

http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm

http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release

http://www.debian.org/security/2008/dsa-1651

http://www.debian.org/security/2008/dsa-1652

http://www.openwall.com/lists/oss-security/2008/08/25/4

http://www.openwall.com/lists/oss-security/2008/08/26/1

http://www.openwall.com/lists/oss-security/2008/08/26/4

http://www.redhat.com/support/errata/RHSA-2008-0897.html

http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/

http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb

http://www.securityfocus.com/bid/30802

http://www.securitytracker.com/id?1020735

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2428

http://www.vupen.com/english/advisories/2008/2483

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44628

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393

https://usn.ubuntu.com/651-1/

https://usn.ubuntu.com/691-1/

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html

http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://secunia.com/advisories/31602

http://secunia.com/advisories/32165

http://secunia.com/advisories/32219

http://secunia.com/advisories/32255

http://secunia.com/advisories/32256

http://secunia.com/advisories/32371

http://secunia.com/advisories/33178

http://secunia.com/advisories/33185

http://secunia.com/advisories/35074

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://support.apple.com/kb/HT3549

http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm

http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release

http://www.debian.org/security/2008/dsa-1651

http://www.debian.org/security/2008/dsa-1652

http://www.openwall.com/lists/oss-security/2008/08/25/4

http://www.openwall.com/lists/oss-security/2008/08/26/1

http://www.openwall.com/lists/oss-security/2008/08/26/4

http://www.redhat.com/support/errata/RHSA-2008-0897.html

http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/

http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb

http://www.securityfocus.com/bid/30802

http://www.securitytracker.com/id?1020735

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2428

http://www.vupen.com/english/advisories/2008/2483

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44628

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393

https://usn.ubuntu.com/651-1/

https://usn.ubuntu.com/691-1/

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html