Lucene search
RubySecRUBY:RUBY-2008-3656HistoryAug 07, 2008 - 8:00 p.m.
Ruby WEBrick::HTTP::DefaultFileHandler DoS
2008-08-0720:00:00
RubySec
rubysec.com
15
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Algorithmic complexity vulnerability in the
WEBrick::HTTPUtils.split_header_value function in
WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6
through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows
context-dependent attackers to cause a denial of service (CPU consumption)
via a crafted HTTP request that is processed by a backtracking regular
expression.
Affected configurations
Node
rubyrubyRange1.8.6.286–1.8.7.0
ORrubyrubyRange1.8.7.71–1.8.8.0
ORrubyrubyRange<1.9.0
Related
cvelist
cvelist
CVE-2008-3656
2008-08-13 01:00:00
CVE-2008-4310
2008-12-09 00:00:00
metasploit
metasploit
Ruby WEBrick::HTTP::DefaultFileHandler DoS
2008-10-17 15:40:20
packetstorm
packetstorm
Ruby WEBrick::HTTP::DefaultFileHandler Denial of Service
2024-08-31 00:00:00
cve
cve
CVE-2008-3656
2008-08-13 01:41:00
CVE-2008-4310
2008-12-09 00:30:00
ubuntucve
ubuntucve
CVE-2008-3656
2008-08-12 00:00:00
prion
prion
Design/Logic Flaw
2008-08-13 01:41:00
Design/Logic Flaw
2008-12-09 00:30:00
nvd
nvd
CVE-2008-3656
2008-08-13 01:41:00
CVE-2008-4310
2008-12-09 00:30:00
openvas
openvas
CentOS Update for irb CESA-2008:0981 centos4 x86_64
2009-02-27 00:00:00
RedHat Update for ruby RHSA-2008:0981-02
2009-03-06 00:00:00
CentOS Update for irb CESA-2008:0981 centos4 x86_64
2009-02-27 00:00:00
github
github
WEBrick Denial of Service Vulnerability
2022-05-02 00:08:51
nessus
nessus
CentOS 4 / 5 : ruby (CESA-2008:0981)
2008-12-26 00:00:00
Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 4 / 5 : ruby (ELSA-2008-0981)
2013-07-12 00:00:00
rubygems
rubygems
WEBrick Denial of Service Vulnerability
2008-12-07 21:00:00
osv
osv
WEBrick Denial of Service Vulnerability
2022-05-02 00:08:51
ruby1.9 - several vulnerabilities
2008-10-12 00:00:00
ruby1.8 - several vulnerabilities
2008-10-12 00:00:00
centos
centos
irb, ruby security update
2008-12-05 16:16:47
irb, ruby security update
2008-10-24 00:04:31
exploitdb
exploitdb
redhat
redhat
(RHSA-2008:0981) Moderate: ruby security update
2008-12-04 00:00:00
(RHSA-2008:0897) Moderate: ruby security update
2008-10-21 00:00:00
oraclelinux
oraclelinux
ruby security update
2008-12-04 00:00:00
ruby security update
2008-10-21 00:00:00
freebsd
freebsd
ruby -- multiple vulnerabilities in safe level
2008-08-08 00:00:00
ruby -- DoS vulnerability in WEBrick
2008-08-08 00:00:00
debian
debian
[SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities
2008-10-12 09:36:52
[SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities
2008-10-12 09:37:58
ubuntu
ubuntu
Ruby vulnerabilities
2008-10-10 00:00:00
suse
suse
remote code execution in dhcp-client
2009-07-15 16:27:03
gentoo
gentoo
Ruby: Multiple vulnerabilities
2008-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: ruby-1.8.6.287-2.fc9
2008-10-09 21:29:45
[SECURITY] Fedora 8 Update: ruby-1.8.6.287-2.fc8
2008-10-09 21:35:31
securityvulns
securityvulns
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related for RUBY:RUBY-2008-3656