exploitDog

CVE-2017-10784

Опубликовано: 19 сент. 2017

Источник: debian

Описание

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ruby2.3	fixed	2.3.5-1		package
ruby2.1	removed			package
ruby1.9.1	removed			package
ruby1.8	removed			package

Примечания

https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
https://github.com/ruby/ruby/commit/6617c41292b7d1e097abb8fdb0cab9ddd83c77e7
https://hackerone.com/reports/223363

Связанные уязвимости

CVE-2017-10784

CVSS3: 8.8

ubuntu

около 8 лет назад

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

CVE-2017-10784

CVSS3: 5.4

redhat

около 8 лет назад

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

CVE-2017-10784

CVSS3: 8.8

nvd

около 8 лет назад

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

GHSA-369m-2gv6-mw28

CVSS3: 8.8

github

больше 3 лет назад

WEBrick RCE Vulnerability

BDU:2017-02342

CVSS3: 8.8

fstec

больше 8 лет назад

Уязвимость функции аутентификации библиотеки WEBrick, позволяющая нарушителю выполнить произвольные команды