Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200411-23
HistoryNov 16, 2004 - 12:00 a.m.

Ruby: Denial of Service issue

2004-11-1600:00:00
Gentoo Foundation
security.gentoo.org
15

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.024

Percentile

90.0%

JSON

Background

Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby’s CGI module can be used to build web applications.

Description

Ruby’s developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop.

Impact

A remote attacker could trigger the vulnerability through an exposed Ruby web application and cause the server to use unnecessary CPU resources, potentially resulting in a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Ruby 1.6.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.6.8-r12"

All Ruby 1.8.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2_pre3"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-lang/ruby< 1.8.2_pre3UNKNOWN

Related

debian 2
cvelist 1
nessus 15
openvas 11
freebsd 1
securityvulns 1
osv 1
redhat 1
cve 1
nvd 1
ubuntucve 1
ubuntu 1
debian
debian
[SECURITY] [DSA 586-1] New ruby packages fix denial of service
2004-11-08 09:36:34
[SECURITY] [DSA 586-1] New ruby packages fix denial of service
2004-11-08 09:36:34
cvelist
cvelist
CVE-2004-0983
2004-11-19 05:00:00
nessus
nessus
GLSA-200411-23 : Ruby: Denial of Service issue
2004-11-16 00:00:00
FreeBSD : ruby -- CGI DoS (d656296b-33ff-11d9-a9e7-0001020eed82)
2009-04-23 00:00:00
Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS
2004-11-13 00:00:00
openvas
openvas
Debian Security Advisory DSA 586-1 (ruby)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-586-1)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-20-1)
2022-08-26 00:00:00
freebsd
freebsd
ruby -- CGI DoS
2004-11-06 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 586-1] New ruby packages fix denial of service
2004-11-09 00:00:00
osv
osv
ruby - infinite loop
2004-11-08 00:00:00
redhat
redhat
(RHSA-2004:635) ruby security update
2005-01-17 00:00:00
cve
cve
CVE-2004-0983
2005-03-01 05:00:00
nvd
nvd
CVE-2004-0983
2005-03-01 05:00:00
ubuntucve
ubuntucve
CVE-2004-0983
2005-03-01 00:00:00
ubuntu
ubuntu
Ruby CGI module vulnerability
2004-11-09 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.024

Percentile

90.0%

JSON
Related for GLSA-200411-23
debian2cvelist1nessus15openvas11freebsd1securityvulns1osv1redhat1cve1nvd1ubuntucve1ubuntu1