admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2006/CVE-2006-41xx/CVE-2006-4112.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

142 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2006-4112",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-14T21:04:00.000",
"lastModified": "2019-08-08T14:38:03.667",
"vulnStatus": "Modified",
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nRuby on Rails, Ruby on Rails, 1.1.6",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the \"dependency resolution mechanism\" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or \"data loss,\" a different vulnerability than CVE-2006-4111."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el \"mecanismo de resoluci\u00f3n de dependencias\" en Ruby on Rails 1.1.0 hasta 1.1.5 permite a un atacante remoto ejecutar c\u00f3digo Ruby de su elecci\u00f3n a trav\u00e9s de una URL que no es manejada correctamente en el c\u00f3digo de enrutamiento, lo cual lleva a una denegaci\u00f3n de servicio (aplicaci\u00f3n colgada) o \"perdida de datos\", una vulenrabilidad diferente que CVE-2006-4111."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": true,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E13DAEA-F118-4CB2-88A5-54E3327B6B9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC33BF68-D887-4C67-8E8C-D2A6CD877FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFCB88D-D946-4510-8DDC-67C32A606589"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E793287E-2BDA-4012-86F5-886B82510431"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF706143-996C-4120-B620-3EDC977568DF"
}
]
}
]
}
],
"references": [
{
"url": "http://securitytracker.com/id?1016673",
"source": "cve@mitre.org"
},
{
"url": "http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.kb.cert.org/vuls/id/699540",
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
]
},
{
"url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/archive/1/442934/100/0/threaded",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/19454",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28364",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink