Summary
Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input before writing it to log files.
Attackers can exploit this issue to execute arbitrary commands in a terminal.
Versions *prior to* the following are affected:
- Ruby 1.8.6 patchlevel 388
- Ruby 1.8.7 patchlevel 249
- Ruby 1.9.1 patchlevel 378
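The missing sanitization described above, as an added defensive example that is not WEBrick's own code: every attacker-controllable request field is escaped before it is written to an access log, and a helper flags existing log lines that still contain raw control characters. The function names (`sanitize_for_log`, `access_log_line`, `unsanitized_lines`) and the sample request values are constructed for this illustration.

```ruby
# Added example (not WEBrick's code): keep untrusted request data inert
# when it is written to a log that an operator will later view in a terminal.

# Replace every byte outside printable ASCII (ESC 0x1B, CR, LF, DEL, ...)
# with a visible \xHH token, so the log line stays single-line and carries
# no control sequences the terminal could act on.
def sanitize_for_log(field)
  field.to_s.b.gsub(/[^\x20-\x7e]/n) { |c| format('\\x%02X', c.ord) }
end

# Build one access-log line from the untrusted parts of a request in a
# Common-Log-Format-like layout; each untrusted part is sanitized first.
def access_log_line(peer, method, path, status, user_agent)
  parts = [peer, method, path, user_agent].map { |f| sanitize_for_log(f) }
  "#{parts[0]} \"#{parts[1]} #{parts[2]}\" #{status.to_i} \"#{parts[3]}\""
end

# Detection helper for logs already on disk: return the 1-based numbers of
# lines that still contain raw control characters, i.e. were written
# without sanitization (the trailing newline of each line is ignored).
def unsanitized_lines(log_text)
  log_text.each_line.with_index(1)
          .select { |line, _| line.chomp.b =~ /[\x00-\x09\x0b-\x1f\x7f]/n }
          .map(&:last)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request path carrying terminal escape sequences
  # (clear screen, cursor home) that must not survive into the log raw.
  hostile_path = "/index.html\e[2J\e[H"
  puts access_log_line("192.0.2.10", "GET", hostile_path, 404, "curl/7.0")
end
```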
Solution
Updates are available. Please see the references for details.
References
Severity
Classification
- CVE: CVE-2009-4492
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
- GoAhead WebServer Script Source Code Disclosure
- Lil' HTTP Server Cross Site Scripting Vulnerability
- IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
- IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities