Short Name | HTTP:MISC:RUBY-WEBRICK-ESCAPE
Severity | Medium
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Ruby WEBrick Terminal Escape Sequence Logs Command Injection
Release Date | 2013/06/21
Update Number | 2275
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+
HTTP: Ruby WEBrick Terminal Escape Sequence Logs Command Injection
This signature detects attempts to exploit a command injection vulnerability in Ruby WEBrick that involves terminal escape sequences written to its logs. The vulnerability is due to insufficient validation of user-supplied input. A successful attack can lead to arbitrary command execution in the context of the application.
Extended Description
Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files.
Attackers can exploit this issue to execute arbitrary commands in a terminal.
Versions *prior to* the following are affected:
- Ruby 1.8.6 patchlevel 388
- Ruby 1.8.7 patchlevel 249
- Ruby 1.9.1 patchlevel 378
Affected Products
- Avaya Aura System Manager 6.1
- Avaya Aura System Manager 6.1.1
- Avaya Aura System Manager 6.1 Sp1
- Avaya Aura System Manager 6.1 SP2
- Gentoo Linux
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Enterprise Server 5
- Mandriva Enterprise Server 5 X86 64
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mandriva Linux Mandrake 2009.0
- Mandriva Linux Mandrake 2009.0 X86 64
- Mandriva Linux Mandrake 2009.1
- Mandriva Linux Mandrake 2009.1 X86 64
- Mandriva Linux Mandrake 2010.0
- Mandriva Linux Mandrake 2010.0 X86 64
- Pardus Linux 2009
- Red Hat Desktop 4.0.0
- Red Hat Desktop Workstation 5
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux AS 4.8.Z
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux ES 4.8.Z
- Red Hat Enterprise Linux EUS 5.6.z server
- Red Hat Enterprise Linux Long Life 5.6 server
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora 11
- Red Hat Fedora 12
- Red Hat Fedora 13
- Ubuntu Ubuntu Linux 8.10 Amd64
- Ubuntu Ubuntu Linux 8.10 I386
- Ubuntu Ubuntu Linux 8.10 Lpia
- Ubuntu Ubuntu Linux 8.10 Powerpc
- Ubuntu Ubuntu Linux 8.10 Sparc
- Ubuntu Ubuntu Linux 9.04 Amd64
- Ubuntu Ubuntu Linux 9.04 I386
- Ubuntu Ubuntu Linux 9.04 Lpia
- Ubuntu Ubuntu Linux 9.04 Powerpc
- Ubuntu Ubuntu Linux 9.04 Sparc
- Ubuntu Ubuntu Linux 9.10 Amd64
- Ubuntu Ubuntu Linux 9.10 I386
- Ubuntu Ubuntu Linux 9.10 Lpia
- Ubuntu Ubuntu Linux 9.10 Powerpc
- Ubuntu Ubuntu Linux 9.10 Sparc
- Yukihiro Matsumoto Ruby 1.8.0
- Yukihiro Matsumoto Ruby 1.8.1
- Yukihiro Matsumoto Ruby 1.8.2
- Yukihiro Matsumoto Ruby 1.8.2 Pre1
- Yukihiro Matsumoto Ruby 1.8.2 Pre2
- Yukihiro Matsumoto Ruby 1.8.2 Pre3
- Yukihiro Matsumoto Ruby 1.8.2 Pre4
- Yukihiro Matsumoto Ruby 1.8.3
- Yukihiro Matsumoto Ruby 1.8.4
- Yukihiro Matsumoto Ruby 1.8.5
- Yukihiro Matsumoto Ruby 1.8.5-P115
- Yukihiro Matsumoto Ruby 1.8.5-P2
- Yukihiro Matsumoto Ruby 1.8.5-P230
- Yukihiro Matsumoto Ruby 1.8.5-P231
- Yukihiro Matsumoto Ruby 1.8.6
- Yukihiro Matsumoto Ruby 1.8.6-P114
- Yukihiro Matsumoto Ruby 1.8.6-P229
- Yukihiro Matsumoto Ruby 1.8.6-P230
- Yukihiro Matsumoto Ruby 1.8.6-P286
- Yukihiro Matsumoto Ruby 1.8.6-P287
- Yukihiro Matsumoto Ruby 1.8.6-P368
- Yukihiro Matsumoto Ruby 1.8.6-P369
- Yukihiro Matsumoto Ruby 1.8.6-P383
- Yukihiro Matsumoto Ruby 1.8.7
- Yukihiro Matsumoto Ruby 1.8.7-P160
- Yukihiro Matsumoto Ruby 1.8.7-P173
- Yukihiro Matsumoto Ruby 1.8.7-P21
- Yukihiro Matsumoto Ruby 1.8.7-P22
- Yukihiro Matsumoto Ruby 1.8.7-P248
- Yukihiro Matsumoto Ruby 1.8.7-P71
- Yukihiro Matsumoto Ruby 1.8.7-P72
- Yukihiro Matsumoto Ruby 1.9
- Yukihiro Matsumoto Ruby 1.9.0
- Yukihiro Matsumoto Ruby 1.9.0-1
- Yukihiro Matsumoto Ruby 1.9.0-2
- Yukihiro Matsumoto Ruby 1.9.0-3
- Yukihiro Matsumoto Ruby 1.9.1
- Yukihiro Matsumoto Ruby 1.9.1-P376
- Yukihiro Matsumoto Ruby