Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
17.69%
95.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RubyGems | webrick | 0 |
| ruby-lang | webrick | 1.3.1 |
| n/a | n/a | n/a |
Timeline
- Jan 11, 2010 PoC Published
- Jan 13, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- May 19, 2022 EPSS Score
- Sep 1, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Feb 4, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
- Aug 2, 2023 EPSS Score
- Oct 22, 2023 EPSS Score
- Feb 3, 2024 EPSS Score
References
- http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection url
- RHSA-2011:0909 vendor-advisory
- 37949 third-party-advisory
- ADV-2010-0089 vdb
- RHSA-2011:0908 vendor-advisory
- http://www.ush.it/team/ush/hack_httpd_escape/adv.txt url
- 37710 vdb
- 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection mailing-list
- 1023429 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2009-4492 advisory
- https://github.com/advisories/GHSA-6mq2-37j5-w6r6 advisory
- https://github.com/ruby/webrick package
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2009-4492.yml url
- https://web.archive.org/web/20100113155532/http://www.vupen.com/english/advisories/2010/0089 url
- https://web.archive.org/web/20100815010948/http://secunia.com/advisories/37949 url
- https://web.archive.org/web/20170402100552/http://securitytracker.com/id?1023429 url
- https://web.archive.org/web/20170908140655/http://www.securityfocus.com/archive/1/508830/100/0/threaded url
- https://web.archive.org/web/20200228145937/http://www.securityfocus.com/bid/37710 url