Lucene search

K

GoogleOSV:GHSA-WFRC-R6C6-7J9R

HistoryMay 02, 2022 - 12:08 a.m.

WEBrick Denial of Service Vulnerability

2022-05-0200:08:51

Google

osv.dev

4

7.2 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.107 Low

EPSS

Percentile

95.0%

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.

References

www.openwall.com/lists/oss-security/2008/12/04/2

www.redhat.com/support/errata/RHSA-2008-0981.html

bugzilla.redhat.com/show_bug.cgi?id=470252

github.com/ruby/webrick

github.com/ruby/webrick/commit/b2ccd5ff7ddd67a4548299e110dcc5a4728a5534

github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2008-4310.yml

nvd.nist.gov/vuln/detail/CVE-2008-4310

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250

web.archive.org/web/20111230125610/secunia.com/advisories/33013

7.2 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.107 Low

EPSS

Percentile

95.0%

Related for OSV:GHSA-WFRC-R6C6-7J9R

openvas40 prion2 github1 cve2 centos2 nessus24 redhat2 oraclelinux2 ubuntucve1 rubygems1 freebsd2 osv2 debian2 ubuntu1 suse1 gentoo1 fedora2 securityvulns1