[FREEBSD:AB8DBE98-6BE4-11DB-AE91-0012F06707F0] ruby -- cgi.rb library Denial of Service
Severity
Medium
Affected Packages
2
CVEs
1
Official ruby site reports:
A vulnerability has been discovered in the CGI library (cgi.rb)
that ships with Ruby which could be used by a malicious user to
create a denial of service attack (DoS). The problem is triggered
by sending the library an HTTP request that uses multipart MIME
encoding and as an invalid boundary specifier that begins with
"-" instead of "--". Once triggered it will
exhaust all available memory resources effectively creating a DoS
condition.
| Package | Affected Version |
|---|---|
 pkg:freebsd/ruby_static
|
|
|
pkg:freebsd/ruby
|
< 1.8.5_4,1 |
- ID
- FREEBSD:AB8DBE98-6BE4-11DB-AE91-0012F06707F0
- Severity
- medium
- Severity from
- CVE-2006-5467
- URL
- http://vuxml.freebsd.org/freebsd/ab8dbe98-6be4-11db-ae91-0012f06707f0.html
- Published
-
2006-10-25T00:00:00
(18 years ago) - Modified
-
2006-11-04T00:00:00
(18 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
FEDORA-2006-1109
GLSA-200611-12
USN-371-1| Source | # ID | Name | URL |
|---|---|---|---|
| FreeBSD VuXML |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/ruby_static |
ruby_static
|
|||||
| Affected | pkg:freebsd/ruby |
ruby
|
< 1.8.5_4,1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |