QwikSec

Security Database

CVE

CWE

Training

CVE-2006-4112

Published: Aug 14, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure

x_refsource_CONFIRM

rubyonrails-url-code-execution(28364)

vdb-entry

x_refsource_XF

SUSE-SR:2006:021

vendor-advisory

x_refsource_SUSE

20060811 Security Vulnerability in Ruby on Rails 1.1.x

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_CERT-VN

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.