{"result": {"cve": [{"id": "CVE-2006-5467", "type": "cve", "title": "CVE-2006-5467", "description": "The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a \"-\" instead of \"--\" and contains an inconsistent ID.", "published": "2006-10-27T14:07:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5467", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-03T07:44:35"}], "jvn": [{"id": "JVN:84798830", "type": "jvn", "title": "JVN#84798830 Denial of service vulnerability in Ruby CGI library (cgi.rb)", "description": "\n ## Description\n\n ## Impact\n\nA remote attacker could possibly conduct a DoS attack on a Ruby server by sending it a specially crafted request. \n\n ## Solution\n\n ## Products Affected\n\n * 1.8 series \n1.8.5 and all previous versions\n * Developer version (1.9 series) \n2006-12-04 and all previous versions\nFor more information, refer to the vendor's website. \n", "published": "2006-12-04T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://jvn.jp/en/jp/JVN84798830/index.html", "cvelist": ["CVE-2006-5467"], "lastseen": "2017-03-23T17:09:39"}], "centos": [{"id": "CESA-2006:0729", "type": "centos", "title": "irb, ruby security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0729\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013361.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013362.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013363.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013364.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013374.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013375.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013387.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013388.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-libs\nruby-mode\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0729.html", "published": "2006-11-08T19:36:57", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-November/013361.html", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-12-05T20:03:58"}, {"id": "CESA-2006:0729-01", "type": "centos", "title": "irb, ruby security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0729-01\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013366.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-libs\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2006-11-09T01:08:40", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-November/013366.html", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-12-05T20:41:41"}], "openvas": [{"id": "OPENVAS:65439", "type": "openvas", "title": "SLES9: Security update for ruby", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ruby\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020525 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65439", "cvelist": ["CVE-2006-5467"], "lastseen": "2017-07-02T21:14:07"}, {"id": "OPENVAS:57925", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200611-12 (ruby)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200611-12.", "published": "2008-09-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57925", "cvelist": ["CVE-2006-5467"], "lastseen": "2017-07-02T21:10:20"}, {"id": "OPENVAS:57560", "type": "openvas", "title": "FreeBSD Ports: ruby, ruby_static", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57560", "cvelist": ["CVE-2006-5467"], "lastseen": "2017-07-02T21:10:26"}], "ubuntu": [{"id": "USN-371-1", "type": "ubuntu", "title": "Ruby vulnerability", "description": "An error was found in Ruby's CGI library that did not correctly check \nfor the end of multipart MIME requests. Using a crafted HTTP request, a \nremote user could cause a denial of service, where Ruby CGI applications \nwould end up in a loop, monopolizing a CPU.", "published": "2006-11-01T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.ubuntu.com/usn/usn-371-1", "cvelist": ["CVE-2006-5467"], "lastseen": "2017-05-01T08:28:40"}], "nessus": [{"id": "DEBIAN_DSA-1235.NASL", "type": "nessus", "title": "Debian DSA-1235-1 : ruby1.8 - denial of service", "description": "A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.", "published": "2006-12-14T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23848", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-26T17:24:52"}, {"id": "SUSE_RUBY-2219.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : ruby (ruby-2219)", "description": "A denial of service problem in the CGI multipart parsing of 'ruby' was fixed, which could have allowed remote attackers to affect a denial of service attack against ruby based webservices. (CVE-2006-5467)", "published": "2007-10-17T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27422", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-26T17:25:08"}, {"id": "CENTOS_RHSA-2006-0729.NASL", "type": "nessus", "title": "CentOS 3 / 4 : ruby (CESA-2006:0729)", "description": "Updated ruby packages that fix a denial of service issue for the CGI instance are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nRuby is an interpreted scripting language for object-oriented programming.\n\nA flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service.\n(CVE-2006-5467)\n\nUsers of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.", "published": "2009-04-23T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=37153", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-26T17:24:03"}, {"id": "ORACLELINUX_ELSA-2006-0729.NASL", "type": "nessus", "title": "Oracle Linux 3 : ruby (ELSA-2006-0729)", "description": "From Red Hat Security Advisory 2006:0729 :\n\nUpdated ruby packages that fix a denial of service issue for the CGI instance are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nRuby is an interpreted scripting language for object-oriented programming.\n\nA flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service.\n(CVE-2006-5467)\n\nUsers of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67420", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-26T17:25:57"}, {"id": "GENTOO_GLSA-200611-12.NASL", "type": "nessus", "title": "GLSA-200611-12 : Ruby: Denial of Service vulnerability", "description": "The remote host is affected by the vulnerability described in GLSA-200611-12 (Ruby: Denial of Service vulnerability)\n\n Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated user.\n Impact :\n\n The vulnerability can be exploited by sending the cgi.rb library an HTTP request with multipart MIME encoding that contains a malformed MIME boundary specifier beginning with '-' instead of '--'. Successful exploitation of the vulnerability causes the library to go into an infinite loop waiting for additional nonexistent input.\n Workaround :\n\n There is no known workaround at this time.", "published": "2006-11-22T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23706", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-26T17:26:45"}, {"id": "SUSE_RUBY-2224.NASL", "type": "nessus", "title": "SuSE 10 Security Update : ruby (ZYPP Patch Number 2224)", "description": "A denial of service problem in the CGI multipart parsing of 'ruby' was fixed, which could have allowed remote attackers to affect a denial of service attack against ruby based webservices. (CVE-2006-5467)", "published": "2007-12-13T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29571", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-26T17:24:34"}, {"id": "REDHAT-RHSA-2006-0729.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 : ruby (RHSA-2006:0729)", "description": "Updated ruby packages that fix a denial of service issue for the CGI instance are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nRuby is an interpreted scripting language for object-oriented programming.\n\nA flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service.\n(CVE-2006-5467)\n\nUsers of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.", "published": "2006-11-20T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23679", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-12-30T02:15:43"}, {"id": "FREEBSD_PKG_AB8DBE986BE411DBAE910012F06707F0.NASL", "type": "nessus", "title": "FreeBSD : ruby -- cgi.rb library Denial of Service (ab8dbe98-6be4-11db-ae91-0012f06707f0)", "description": "Official ruby site reports :\n\nA vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as an invalid boundary specifier that begins with '-' instead of '--'.\nOnce triggered it will exhaust all available memory resources effectively creating a DoS condition.", "published": "2006-11-06T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22938", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-26T17:24:54"}, {"id": "ORACLELINUX_ELSA-2006-0604.NASL", "type": "nessus", "title": "Oracle Linux 3 / 4 : ruby (ELSA-2006-0604 / ELSA-2006-0729)", "description": "Updated ruby packages that fix security issues are now available. \n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team. \n\nRuby is an interpreted scripting language for object-oriented programming. \n\nUsers of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues. \n\n\nFrom Red Hat Security Advisory 2006:0604 :\n\nA number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694)\n\n\nFrom Red Hat Security Advisory 2006:0729 :\n\nA flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467)", "published": "2013-07-12T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67399", "cvelist": ["CVE-2006-3694", "CVE-2006-5467"], "lastseen": "2016-09-26T17:23:45"}, {"id": "UBUNTU_USN-371-1.NASL", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-371-1)", "description": "An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-10T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27952", "cvelist": ["CVE-2004-0983", "CVE-2006-5467"], "lastseen": "2016-09-26T17:23:43"}], "gentoo": [{"id": "GLSA-200611-12", "type": "gentoo", "title": "Ruby: Denial of Service vulnerability", "description": "### Background\n\nRuby is a dynamic, open source programming language with a focus on simplicity and productivity. \n\n### Description\n\nZed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated user. \n\n### Impact\n\nThe vulnerability can be exploited by sending the cgi.rb library an HTTP request with multipart MIME encoding that contains a malformed MIME boundary specifier beginning with \"-\" instead of \"--\". Successful exploitation of the vulnerability causes the library to go into an infinite loop waiting for additional nonexistent input. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Ruby users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-1.8.5-r3\"", "published": "2006-11-20T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200611-12", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-06T19:46:34"}], "debian": [{"id": "DSA-1235", "type": "debian", "title": "ruby1.8 -- denial of service", "description": "A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.\n\nFor the stable distribution (sarge), this problem has been fixed in version 1.8.2-7sarge5.\n\nWe recommend that you upgrade your ruby1.8 package.", "published": "2006-12-13T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1235", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-02T18:19:42"}, {"id": "DSA-1234", "type": "debian", "title": "ruby1.6 -- denial of service", "description": "A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.\n\nFor the stable distribution (sarge), this problem has been fixed in version 1.6.8-12sarge3.\n\nWe recommend that you upgrade your ruby1.6 package.", "published": "2006-12-13T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1234", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-02T18:30:33"}], "freebsd": [{"id": "AB8DBE98-6BE4-11DB-AE91-0012F06707F0", "type": "freebsd", "title": "ruby -- cgi.rb library Denial of Service", "description": "\nOfficial ruby site reports:\n\nA vulnerability has been discovered in the CGI library (cgi.rb)\n\t that ships with Ruby which could be used by a malicious user to\n\t create a denial of service attack (DoS). The problem is triggered\n\t by sending the library an HTTP request that uses multipart MIME\n\t encoding and as an invalid boundary specifier that begins with\n\t \"-\" instead of \"--\". Once triggered it will\n\t exhaust all available memory resources effectively creating a DoS\n\t condition.\n\n", "published": "2006-10-25T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/ab8dbe98-6be4-11db-ae91-0012f06707f0.html", "cvelist": ["CVE-2006-5467"], "lastseen": "2016-09-26T17:25:04"}], "osvdb": [{"id": "OSVDB:34237", "type": "osvdb", "title": "Ruby cgi.rb Crafted HTTP Request DoS", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=305530)\nSecurity Tracker: 1017194\n[Secunia Advisory ID:22929](https://secuniaresearch.flexerasoftware.com/advisories/22929/)\n[Secunia Advisory ID:23040](https://secuniaresearch.flexerasoftware.com/advisories/23040/)\n[Secunia Advisory ID:22761](https://secuniaresearch.flexerasoftware.com/advisories/22761/)\n[Secunia Advisory ID:22932](https://secuniaresearch.flexerasoftware.com/advisories/22932/)\n[Secunia Advisory ID:22615](https://secuniaresearch.flexerasoftware.com/advisories/22615/)\n[Secunia Advisory ID:23344](https://secuniaresearch.flexerasoftware.com/advisories/23344/)\n[Secunia Advisory ID:25402](https://secuniaresearch.flexerasoftware.com/advisories/25402/)\n[Secunia Advisory ID:22624](https://secuniaresearch.flexerasoftware.com/advisories/22624/)\nRedHat RHSA: RHSA-2006:0729\nOther Advisory URL: http://www.debian.org/security/2006/dsa-1235\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200611-12.xml\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:192\nOther Advisory URL: http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P\nOther Advisory URL: http://www.debian.org/security/2006/dsa-1234\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_26_sr.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-371-1\nMail List Post: http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html\nFrSIRT Advisory: ADV-2006-4244\nFrSIRT Advisory: ADV-2006-4245\n[CVE-2006-5467](https://vulners.com/cve/CVE-2006-5467)\nBugtraq ID: 20777\n", "published": "2006-10-25T01:39:15", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:34237", "cvelist": ["CVE-2006-5467"], "lastseen": "2017-04-28T13:20:30"}], "oraclelinux": [{"id": "ELSA-2006-0604", "type": "oraclelinux", "title": "Moderate ruby security update ", "description": " [1.8.1-7.EL4.8]\n - BR tcl-devel and tk-devel instead of tcl and tk.\n \n [1.8.1-7.EL4.7]\n - security fix release.\n - ruby-1.8.1-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that\n causes the denial of service. (#212237)\n \n [1.8.1-7.EL4.6]\n - security fixes [CVE-2006-3694]\n - fixed the insecure operations on Dir and Regexp in the certain safe-level\n restrictions. (#199539)\n - fixed to not bypass the certain safe-level restrictions. (#199545)\n \n [1.8.1-7.EL4.4]\n - ruby-magic-setjmp.patch: backported to fix unstable GC on ia64.\n [ruby-talk:144939] (#190805) ", "published": "2006-11-30T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2006-0604.html", "cvelist": ["CVE-2006-3694", "CVE-2006-5467"], "lastseen": "2016-09-04T11:16:34"}, {"id": "ELSA-2006-0729", "type": "oraclelinux", "title": "Moderate ruby security update ", "description": " [1.8.1-7.EL4.8]\n - BR tcl-devel and tk-devel instead of tcl and tk.\n \n [1.8.1-7.EL4.7]\n - security fix release.\n - ruby-1.8.1-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that\n causes the denial of service. (#212237)\n \n [1.8.1-7.EL4.6]\n - security fixes [CVE-2006-3694]\n - fixed the insecure operations on Dir and Regexp in the certain safe-level\n restrictions. (#199539)\n - fixed to not bypass the certain safe-level restrictions. (#199545)\n \n [1.8.1-7.EL4.4]\n - ruby-magic-setjmp.patch: backported to fix unstable GC on ia64.\n [ruby-talk:144939] (#190805) ", "published": "2006-11-30T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2006-0729.html", "cvelist": ["CVE-2006-3694", "CVE-2006-5467"], "lastseen": "2016-09-04T11:16:55"}]}}