Description
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
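The affected ranges above can be checked against `ruby -v` banners collected from hosts. The following is an added example, not part of the original advisory: the helper names are hypothetical, the banner strings are constructed samples, and a banner on a listed release line with no readable patchlevel is assumed to be affected.

```ruby
# Added example: classify `ruby -v` banners against the affected ranges in the
# description. Helper names are hypothetical; sample banners are constructed.

# First unaffected patchlevel on each release line named in the description.
FIXED_PATCHLEVEL = { "1.8.7" => 352, "1.9.2" => 290 }.freeze

# Handles both banner styles:
#   "ruby 1.8.7 (2011-02-18 patchlevel 334) [...]" and "ruby 1.9.2p180 (...) [...]"
def parse_banner(line)
  m = line.match(/\Aruby (\d+)\.(\d+)\.(\d+)(?:p(\d+))?/)
  return nil unless m
  patch = m[4] || line[/patchlevel (\d+)/, 1]
  { version: m[1..3].map(&:to_i), patchlevel: patch && patch.to_i }
end

def affected?(version, patchlevel)
  key = version.join(".")
  if FIXED_PATCHLEVEL.key?(key)
    # Assumption: an unreadable patchlevel is treated as affected.
    patchlevel.nil? || patchlevel < FIXED_PATCHLEVEL[key]
  elsif (version <=> [1, 8, 7]) < 0
    true # any release before 1.8.7 predates 1.8.7-p352
  else
    # 1.9.x releases older than 1.9.2
    (version <=> [1, 9, 0]) >= 0 && (version <=> [1, 9, 2]) < 0
  end
end

# Returns the banners that parse and fall in an affected range.
def affected_banners(lines)
  lines.select do |line|
    info = parse_banner(line)
    info && affected?(info[:version], info[:patchlevel])
  end
end

# Constructed sample input.
SAMPLE_BANNERS = [
  "ruby 1.8.7 (2011-02-18 patchlevel 334) [x86_64-linux]",
  "ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-linux]",
  "ruby 1.9.2p180 (2011-02-18 revision 30909) [x86_64-linux]",
  "ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-linux]",
  "ruby 1.9.1p378 (2010-01-10 revision 26273) [i386-linux]",
  "ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-linux]"
].freeze

affected_banners(SAMPLE_BANNERS).each { |b| puts "AFFECTED: #{b}" } if __FILE__ == $PROGRAM_NAME
```

Banners that do not start with `ruby x.y.z` are skipped rather than classified, so review those hosts separately.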
Remediation
References