JVN/CVE Demo: Nvdinfos

NVD

Id: 49169
Name: CVE-2009-1904
Description: The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
Reject
CVSS Version: 2
CVSS Score: 5
Severity: Medium
CVSS Base Score: 5
CVSS Impact Subscore: 2.9
CVSS Exploit Subscore: 10
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Pub Date: 2017-01-07
Published: 2009-06-11
Modified Date: 2010-08-21
Seq: 2009-1904

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
248957	49169	CVE-2009-1904	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689	View
248958	49169	CVE-2009-1904	http://bugs.gentoo.org/show_bug.cgi?id=273213	View
248959	49169	CVE-2009-1904	http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master	View
248960	49169	CVE-2009-1904	[rubyonrails-security] 20090610 DoS Vulnerability in Ruby (CVE-2009-1904)	View
248961	49169	CVE-2009-1904	APPLE-SA-2010-03-29-1	View
248962	49169	CVE-2009-1904	[pkgsrc-changes] 20090610 CVS commit: pkgsrc/lang/ruby18-base	View
248963	49169	CVE-2009-1904	oval:org.mitre.oval:def:9780	View
248964	49169	CVE-2009-1904	http://redmine.ruby-lang.org/issues/show/794	View
248965	49169	CVE-2009-1904	GLSA-200906-02	View
248966	49169	CVE-2009-1904	SSA:2009-170-02	View
248967	49169	CVE-2009-1904	http://support.apple.com/kb/HT4077	View
248968	49169	CVE-2009-1904	http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/	View
248969	49169	CVE-2009-1904	MDVSA-2009:160	View
248970	49169	CVE-2009-1904	RHSA-2009:1140	View
248971	49169	CVE-2009-1904	http://www.ruby-forum.com/topic/189071	View
248972	49169	CVE-2009-1904	http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/	View
248973	49169	CVE-2009-1904	35278	View
248974	49169	CVE-2009-1904	1022371	View
248975	49169	CVE-2009-1904	USN-805-1	View
248976	49169	CVE-2009-1904	ADV-2009-1563	View
248977	49169	CVE-2009-1904	ruby-bigdecimal-dos(51032)	View
248978	49169	CVE-2009-1904	https://bugs.launchpad.net/bugs/385436	View
248979	49169	CVE-2009-1904	https://bugs.launchpad.net/bugs/cve/2009-1904	View
248980	49169	CVE-2009-1904	FEDORA-2009-13066	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
40877	JVNDB-2009-001883	Ruby の BigDecimal ライブラリにおけるサービス運用妨害 (DoS) の脆弱性	Ruby の BigDecimal ライブラリには、大きな数を表す文字列の引数処理に不備があるため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。	CVE-2009-1904	39335	CVE-2009-1904	49169	5		http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001883.html	2009-06-09	2010-04-26	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.48 MB
Controller render start	2.30 MB
View render complete	13.63 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.60
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	472.50
Event: Controller.beforeRender	4.86
» Processing toolbar data	4.75
Rendering View	581.47
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	554.17
» Event: View.afterRender	0.04
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	13.99
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	4.87
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/49169
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/49169
Remote Port	60556
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	18.226.52.76
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	18.226.52.76
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	18.226.52.76
Unique Id	aCfRhzR6X3wxO108N853ZwAAAVQ
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	18.226.52.76
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	18.226.52.76
Redirect Unique Id	aCfRhzR6X3wxO108N853ZwAAAVQ
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	18.226.52.76
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	18.226.52.76
Redirect Redirect Unique Id	aCfRhzR6X3wxO108N853ZwAAAVQ
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1747440007.9765
Request Time	1747440007

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files