Lucene search
HistoryDec 09, 2008 - 12:30 a.m.
CVE-2008-4310
cve-2008-4310
denial of service
cpu consumption
remote attack
http
webrick
ruby 1.8.1
ruby 1.8.5
red hat enterprise linux 4
red hat enterprise linux 5
incomplete fix
6.5 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.013 Low
EPSS
Percentile
85.5%
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ruby-lang:ruby | ruby-lang ruby | eq | 1.8.5 |
| ruby-lang:ruby | ruby-lang ruby | eq | 1.8.1 |
References
Social References
More
Related
openvas
openvas
CentOS Update for irb CESA-2008:0981 centos4 i386
2009-02-27 00:00:00
CentOS Update for irb CESA-2008:0981 centos4 x86_64
2009-02-27 00:00:00
RedHat Update for ruby RHSA-2008:0981-02
2009-03-06 00:00:00
nessus
nessus
RHEL 4 / 5 : ruby (RHSA-2008:0981)
2008-12-05 00:00:00
Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 4 / 5 : ruby (ELSA-2008-0981)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2008:0981) Moderate: ruby security update
2008-12-04 00:00:00
(RHSA-2008:0897) Moderate: ruby security update
2008-10-21 00:00:00
prion
prion
Design/Logic Flaw
2008-12-09 00:30:00
Design/Logic Flaw
2008-08-13 01:41:00
github
github
WEBrick Denial of Service Vulnerability
2022-05-02 00:08:51
centos
centos
irb, ruby security update
2008-12-05 16:16:47
irb, ruby security update
2008-10-24 00:04:31
osv
osv
WEBrick Denial of Service Vulnerability
2022-05-02 00:08:51
ruby1.8 - several vulnerabilities
2008-10-12 00:00:00
ruby1.9 - several vulnerabilities
2008-10-12 00:00:00
oraclelinux
oraclelinux
ruby security update
2008-12-04 00:00:00
ruby security update
2008-10-21 00:00:00
cve
cve
CVE-2008-3656
2008-08-13 01:41:00
ubuntucve
ubuntucve
CVE-2008-3656
2008-08-12 00:00:00
rubygems
rubygems
WEBrick Denial of Service Vulnerability
2008-12-07 21:00:00
freebsd
freebsd
ruby -- multiple vulnerabilities in safe level
2008-08-08 00:00:00
ruby -- DoS vulnerability in WEBrick
2008-08-08 00:00:00
debian
debian
[SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities
2008-10-12 09:36:52
[SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities
2008-10-12 09:37:58
ubuntu
ubuntu
Ruby vulnerabilities
2008-10-10 00:00:00
suse
suse
remote code execution in dhcp-client
2009-07-15 16:27:03
gentoo
gentoo
Ruby: Multiple vulnerabilities
2008-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: ruby-1.8.6.287-2.fc9
2008-10-09 21:29:45
[SECURITY] Fedora 8 Update: ruby-1.8.6.287-2.fc8
2008-10-09 21:35:31
securityvulns
securityvulns
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
6.5 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.013 Low
EPSS
Percentile
85.5%
Related for CVE-2008-4310