Class: Dawn::Kb::CVE_2005_1992

# File 'lib/dawn/kb/cve_2005_1992.rb', line 7

def initialize
      message = "The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents \"security protection\" using handlers, which allows remote attackers to execute arbitrary commands."

      super({
        :name=>"CVE-2005-1992",
        :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
        :release_date => Date.new(2005, 06, 20),
        :cve=>"CVE-2005-1992",
        :priority=>:high,
        :severity=>:high,
        :cwe=>"",
        :owasp=>"A9", 
        :applies=>["rails", "sinatra", "padrino"],
        :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
        :message=>message,
        :mitigation=>"Upgrade your ruby interpreter",
        :aux_links=>["http://www2.ruby-lang.org/en/20050701.html"]
      })

      self.safe_rubies = [{:engine=>"ruby", :version=>"1.8.999", :patchlevel=>"p0"}]

end

Class: Dawn::Kb::CVE_2005_1992

Overview

Constant Summary

Constants included from BasicCheck

Instance Attribute Summary

Attributes included from RubyVersionCheck

Attributes included from BasicCheck

Instance Method Summary collapse

Methods included from RubyVersionCheck

Methods included from BasicCheck

Methods included from Utils

Constructor Details

#initialize ⇒ CVE_2005_1992

#initialize ⇒ `CVE_2005_1992`