CVE-2017-10784 : The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x bef

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Published 2017-09-19 17:29:00

Updated 2018-10-31 10:29:04

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2017-10784

Ruby-lang » Ruby
Versions up to, including, (<=) 2.2.7
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.3.0
cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.3.1
cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.3.2
cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.3.3
cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.3.4
cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.4.1
cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.4.0
cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.4.0 Update Preview1
cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.4.0 Update Preview2
cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.3.0 Update Preview2
cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.4.0 Update Preview3
cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.3.0 Update Preview1
cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*
Matching versions
Ruby-lang » Ruby » Version: 2.4.0 Update RC1
cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2017-10784

Top countries where our scanners detected CVE-2017-10784

Top open port discovered on systems with this issue 80

IPs affected by CVE-2017-10784 3,535

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-10784!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-10784

EPSS FAQ

2.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-10784

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-10784

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-10784

https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/

Ruby 2.2.8 Released
Patch;Vendor Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3485

RHSA-2017:3485 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://www.debian.org/security/2017/dsa-4031

Debian -- Security Information -- DSA-4031-1 ruby2.3

CVEs referencing this url
http://www.securitytracker.com/id/1039363

Ruby Multiple Flaws Let Remote Users Inject Log Data, Deny Service, and Obtain Potentially Sensitive Information from the Heap - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/

Ruby 2.3.5 Released
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/100853

Ruby CVE-2017-10784 Security Bypass Vulnerability
Third Party Advisory;VDB Entry
https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/

CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

[SECURITY] [DLA 1421-1] ruby2.1 security update

CVEs referencing this url
http://www.securitytracker.com/id/1042004

Apple macOS/OS X Multiple Remote Code Execution, Denial of Service, and Information Disclosure Attacks and Local Privilege Escalation Attacks - SecurityTracker

CVEs referencing this url
https://usn.ubuntu.com/3685-1/

USN-3685-1: Ruby vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:0585

RHSA-2018:0585 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://security.gentoo.org/glsa/201710-18

Ruby: Multiple vulnerabilities (GLSA 201710-18) — Gentoo security

CVEs referencing this url
https://usn.ubuntu.com/3528-1/

USN-3528-1: Ruby vulnerabilities | Ubuntu security notices
https://access.redhat.com/errata/RHSA-2018:0378

RHSA-2018:0378 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:0583

RHSA-2018:0583 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url