[FREEBSD:AB8DBE98-6BE4-11DB-AE91-0012F06707F0] ruby -- cgi.rb library Denial of Service
Severity
Medium
Affected Packages
2
CVEs
1
Official ruby site reports:
A vulnerability has been discovered in the CGI library (cgi.rb)
that ships with Ruby which could be used by a malicious user to
create a denial of service attack (DoS). The problem is triggered
by sending the library an HTTP request that uses multipart MIME
encoding and as an invalid boundary specifier that begins with
"-" instead of "--". Once triggered it will
exhaust all available memory resources effectively creating a DoS
condition.
Package | Affected Version |
---|---|
pkg:freebsd/ruby_static | |
pkg:freebsd/ruby | < 1.8.5_4,1 |
- ID
- FREEBSD:AB8DBE98-6BE4-11DB-AE91-0012F06707F0
- Severity
- medium
- Severity from
- CVE-2006-5467
- URL
- http://vuxml.freebsd.org/freebsd/ab8dbe98-6be4-11db-ae91-0012f06707f0.html
- Published
-
2006-10-25T00:00:00
(18 years ago) - Modified
-
2006-11-04T00:00:00
(18 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/ruby_static | ruby_static | |||||
Affected | pkg:freebsd/ruby | ruby | < 1.8.5_4,1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |