CVE-2006-4111

Published: Aug 14, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

21466

third-party-advisory

x_refsource_SECUNIA

21749

third-party-advisory

x_refsource_SECUNIA

19454

vdb-entry

x_refsource_BID

ADV-2006-3237

vdb-entry

x_refsource_VUPEN

http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html

x_refsource_MISC

SUSE-SR:2006:021

vendor-advisory

x_refsource_SUSE

http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits

x_refsource_CONFIRM

GLSA-200608-20

vendor-advisory

x_refsource_GENTOO

1016673

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2006-4111

Description

Affected Products

References