CVE-2008-3656

CVSS v2.0 7.8 (High)
EPSS 10.07 % (95th)
Affected Products 1
Advisories 7

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

Weaknesses: CWE-399 (Resource Management Errors)
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2008-08-13 01:41:00 (16 years ago)
Updated Date: 2018-10-11 20:48:59 (6 years ago)

Affected Products


Configuration #1

  Product CPE23 From Up To
  Ruby-lang Ruby 1.8.5 and prior versions cpe:2.3:a:ruby-lang:ruby <= 1.8.5
  Ruby-lang Ruby 1.6.8 cpe:2.3:a:ruby-lang:ruby:1.6.8
  Ruby-lang Ruby 1.8.0 cpe:2.3:a:ruby-lang:ruby:1.8.0
  Ruby-lang Ruby 1.8.1 cpe:2.3:a:ruby-lang:ruby:1.8.1
  Ruby-lang Ruby 1.8.1 -9 cpe:2.3:a:ruby-lang:ruby:1.8.1:-9
  Ruby-lang Ruby 1.8.2 cpe:2.3:a:ruby-lang:ruby:1.8.2
  Ruby-lang Ruby 1.8.2 Preview2 cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2
  Ruby-lang Ruby 1.8.2 Preview3 cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3
  Ruby-lang Ruby 1.8.2 Preview4 cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4
  Ruby-lang Ruby 1.8.3 cpe:2.3:a:ruby-lang:ruby:1.8.3
  Ruby-lang Ruby 1.8.3 Preview1 cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1
  Ruby-lang Ruby 1.8.3 Preview2 cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2
  Ruby-lang Ruby 1.8.3 Preview3 cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3
  Ruby-lang Ruby 1.8.4 cpe:2.3:a:ruby-lang:ruby:1.8.4
  Ruby-lang Ruby 1.8.4 Preview1 cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1
  Ruby-lang Ruby 1.8.4 Preview2 cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2
  Ruby-lang Ruby 1.8.4 Preview3 cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3
  Ruby-lang Ruby 1.8.5 P11 cpe:2.3:a:ruby-lang:ruby:1.8.5:p11
  Ruby-lang Ruby 1.8.5 P113 cpe:2.3:a:ruby-lang:ruby:1.8.5:p113
  Ruby-lang Ruby 1.8.5 P115 cpe:2.3:a:ruby-lang:ruby:1.8.5:p115
  Ruby-lang Ruby 1.8.5 P12 cpe:2.3:a:ruby-lang:ruby:1.8.5:p12
  Ruby-lang Ruby 1.8.5 P2 cpe:2.3:a:ruby-lang:ruby:1.8.5:p2
  Ruby-lang Ruby 1.8.5 P35 cpe:2.3:a:ruby-lang:ruby:1.8.5:p35
  Ruby-lang Ruby 1.8.5 Preview1 cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1
  Ruby-lang Ruby 1.8.5 Preview2 cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2
  Ruby-lang Ruby 1.8.5 Preview3 cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3
  Ruby-lang Ruby 1.8.5 Preview4 cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4
  Ruby-lang Ruby 1.8.5 Preview5 cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5
  Ruby-lang Ruby 1.8.6 cpe:2.3:a:ruby-lang:ruby:1.8.6
  Ruby-lang Ruby 1.8.6 P110 cpe:2.3:a:ruby-lang:ruby:1.8.6:p110
  Ruby-lang Ruby 1.8.6 P114 cpe:2.3:a:ruby-lang:ruby:1.8.6:p114
  Ruby-lang Ruby 1.8.6 Preview1 cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1
  Ruby-lang Ruby 1.8.6 Preview2 cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2
  Ruby-lang Ruby 1.8.6 Preview3 cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3
  Ruby-lang Ruby 1.8.7 cpe:2.3:a:ruby-lang:ruby:1.8.7
  Ruby-lang Ruby 1.8.7 P17 cpe:2.3:a:ruby-lang:ruby:1.8.7:p17
  Ruby-lang Ruby 1.8.7 P22 cpe:2.3:a:ruby-lang:ruby:1.8.7:p22
  Ruby-lang Ruby 1.8.7 P71 cpe:2.3:a:ruby-lang:ruby:1.8.7:p71
  Ruby-lang Ruby 1.8.7 Preview1 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1
  Ruby-lang Ruby 1.8.7 Preview2 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2
  Ruby-lang Ruby 1.8.7 Preview3 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3
  Ruby-lang Ruby 1.8.7 Preview4 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4
  Ruby-lang Ruby 1.9.0 cpe:2.3:a:ruby-lang:ruby:1.9.0