Description

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.

Remediation

References

CVE-2011-2686

Related Vulnerabilities

PHP version older than 5.2.8

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)

PHP Other Vulnerability (CVE-2006-2563)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-6377)

Internet Information Services Other Vulnerability (CVE-2002-1182)

Severity

Medium

Classification

CVE-2011-2686

Tags

Missing Update Known Vulnerabilities