ruby -- DoS vulnerability in WEBrick

2008-08-0800:00:00

vuxml.freebsd.org

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.355 Low

EPSS

Percentile

97.1%

JSON

The official ruby site reports:

WEBrick::HTTP::DefaultFileHandler is faulty of exponential time
taking requests due to a backtracking regular expression in
WEBrick::HTTPUtils.split_header_value.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchruby= 1.8.*,1UNKNOWN
FreeBSDanynoarchruby< 1.8.6.111_5,1UNKNOWN
FreeBSDanynoarchruby+pthreads= 1.8.*,1UNKNOWN
FreeBSDanynoarchruby+pthreads< 1.8.6.111_5,1UNKNOWN
FreeBSDanynoarchruby+pthreads+oniguruma= 1.8.*,1UNKNOWN
FreeBSDanynoarchruby+pthreads+oniguruma< 1.8.6.111_5,1UNKNOWN
FreeBSDanynoarchruby+oniguruma= 1.8.*,1UNKNOWN
FreeBSDanynoarchruby+oniguruma< 1.8.6.111_5,1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	ruby	= 1.8.*,1	UNKNOWN
FreeBSD	any	noarch	ruby	< 1.8.6.111_5,1	UNKNOWN
FreeBSD	any	noarch	ruby+pthreads	= 1.8.*,1	UNKNOWN
FreeBSD	any	noarch	ruby+pthreads	< 1.8.6.111_5,1	UNKNOWN
FreeBSD	any	noarch	ruby+pthreads+oniguruma	= 1.8.*,1	UNKNOWN
FreeBSD	any	noarch	ruby+pthreads+oniguruma	< 1.8.6.111_5,1	UNKNOWN
FreeBSD	any	noarch	ruby+oniguruma	= 1.8.*,1	UNKNOWN
FreeBSD	any	noarch	ruby+oniguruma	< 1.8.6.111_5,1	UNKNOWN