CVE-2004-0983

2005-03-0105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0983

ruby

cgi module

denial of service

remote attackers

http request

nvd

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.9%

JSON

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

CPENameOperatorVersion
yukihiro_matsumoto:rubyyukihiro matsumoto rubyeq1.8.1
yukihiro_matsumoto:rubyyukihiro matsumoto rubyeq1.8.2_pre2
yukihiro_matsumoto:rubyyukihiro matsumoto rubyeq1.6.7
yukihiro_matsumoto:rubyyukihiro matsumoto rubyeq1.6
yukihiro_matsumoto:rubyyukihiro matsumoto rubyeq1.8
yukihiro_matsumoto:rubyyukihiro matsumoto rubyeq1.8.2_pre1
mandrakesoft:mandrake_linux_corporate_servermandrakesoft mandrake linux corporate servereq2.1
ubuntu:ubuntu_linuxubuntu ubuntu linuxeq4.1
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq9.2
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq10.1

CPE	Name	Operator	Version
yukihiro_matsumoto:ruby	yukihiro matsumoto ruby	eq	1.8.1
yukihiro_matsumoto:ruby	yukihiro matsumoto ruby	eq	1.8.2_pre2
yukihiro_matsumoto:ruby	yukihiro matsumoto ruby	eq	1.6.7
yukihiro_matsumoto:ruby	yukihiro matsumoto ruby	eq	1.6
yukihiro_matsumoto:ruby	yukihiro matsumoto ruby	eq	1.8
yukihiro_matsumoto:ruby	yukihiro matsumoto ruby	eq	1.8.2_pre1
mandrakesoft:mandrake_linux_corporate_server	mandrakesoft mandrake linux corporate server	eq	2.1
ubuntu:ubuntu_linux	ubuntu ubuntu linux	eq	4.1
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	9.2
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	10.1