Ruby-lang Ruby 1.8.5
Approved changes feed: RSS · Atom
cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*
part: a version: 1.8.5 update: *
| Vendor | Ruby Lang (5813a634-c286-5f1d-90d5-a1a352f78d39) |
|---|---|
| Product | Ruby (48f7c14c-c576-5b15-be87-22eeb9add91e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/ruby/ruby |
purl2cpe | 2026-06-01 10:11:45.336705 |
pkg:ruby-lang/ruby |
purl2cpe | 2026-06-01 10:11:45.336706 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2008-4310 |
vulnerable | 2026-06-03 14:28:57.773439 |
Details available
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
Published: 2008-12-09T00:00:00.000Z
Updated: 2024-08-07T10:08:35.153Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-3443 |
vulnerable | 2026-06-03 14:28:53.790069 |
Details available
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
Published: 2008-08-14T23:00:00.000Z
Updated: 2024-08-07T09:37:26.963Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-1891 |
vulnerable | 2026-06-03 14:28:42.450822 |
Details available
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
Published: 2008-04-18T22:00:00.000Z
Updated: 2024-08-07T08:41:00.043Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-5770 |
vulnerable | 2026-06-03 14:28:27.829160 |
Details available
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
Published: 2007-11-14T01:00:00.000Z
Updated: 2024-08-07T15:39:13.628Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-5162 |
vulnerable | 2026-06-03 14:28:25.060183 |
Details available
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
Published: 2007-10-01T00:00:00.000Z
Updated: 2024-08-07T15:24:41.704Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.