CVE-2006-4112: High severity vulnerability that affects rails.

CVSS Score
7.5

Basic Information

EPSS Score
0.90981%
CWE
-
Published
10/24/2017
Updated
11/9/2023
KEV Status
No
Technology
Ruby

Technical Details

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Package Name
rails
Ecosystem
rubygems
Vulnerable Versions
>= 1.1.0, < 1.1.6
First Patched Version
1.1.6

Vulnerability Intelligence
Miggo AI Root Cause Analysis

Multiple advisories (CERT VU#699540, Gentoo GLSA 200608-20) explicitly link the vulnerability to improper handling of URL parameters in routing code that affected LOAD_PATH manipulation. The Rails security announcement references fixes in routing logic, and historical analysis of Rails 1.1.x shows routing components were responsible for parameter interpretation and load path configuration. The functions identified are core routing components that process URL parameters and influence code loading behavior.

WAF Protection Rules

WAF Rule

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of serv
