CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
96.4%
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a
denial of service (infinite loop and CPU consumption) via an HTTP request
with a multipart MIME body that contains an invalid boundary specifier, as
demonstrated using a specifier that begins with a “-” instead of “–” and
contains an inconsistent ID.