CVE-2017-10784 - Authentication Issues vulnerability in Ruby Lang Ruby

Publication

2017-09-19

Last modification

2018-10-31

Summary

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Classification

CWE-287 - Authentication Issues

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Ruby Lang Ruby  2.3.1 , 2.2.7 , 2.3.4 , 2.3.0 , 2.3.2 , 2.3.3 , 2.4.0 , 2.4.1

Related CVE

Date CVE Title CVSS
2017-09-19 CVE-2017-14033 Buffer Errors vulnerability in Ruby Lang Ruby Medium