55 matches found
[ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2006:225 http://www.mandriva.com/security/ Package : ruby Date : December 6, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0 Problem Description: Another vulnerability has been discovered in the CGI...
ruby DoS
SPU axhaustion in CGI library on parsing HTTP request with invalid MIME booundaries...
Another DoS Vulnerability in CGI Library
The readmultipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service infinite loop via crafted HTTP requests, a different issue than CVE-2006-5467...
FreeBSD : ruby -- cgi.rb library Denial of Service (a8674c14-83d7-11db-88d5-0012f06707f0)
The official ruby site reports : Another vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. A specific HTTP request for any web application using cgi.rb causes CPU consumption on the...
JVN#84798830 Denial of service vulnerability in Ruby CGI library (cgi.rb)
Impact A remote attacker could possibly conduct a DoS attack on a Ruby server by sending it a specially crafted request. Solution Products Affected 1.8 series 1.8.5 and all previous versions Developer version 1.9 series 2006-12-04 and all previous versions For more information, refer to the...
ruby -- cgi.rb library Denial of Service
The official ruby site reports: Another vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. A specific HTTP request for any web application using cgi.rb causes CPU consumption on the...
GLSA-200611-12 : Ruby: Denial of Service vulnerability
The remote host is affected by the vulnerability described in GLSA-200611-12 Ruby: Denial of Service vulnerability Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated user...
Ruby: Denial of Service vulnerability
Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated...
FreeBSD : ruby -- cgi.rb library Denial of Service (ab8dbe98-6be4-11db-ae91-0012f06707f0)
Official ruby site reports : A vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and a...
[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory OpenPKG GmbH http://openpkg.org/security/ http://openpkg.com OpenPKG-SA-2006.030 2006-11-04 Package: ruby Vulnerability: denial of service OpenPKG Specific: no Affected Series: Affected Packages: Corrected Packages: E1.0-SOLI...
USN-371-1: Ruby vulnerability
An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU...
Resource Management Errors
Overview Affected versions of this package are vulnerable to Resource Management Errors. The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary...
CVE-2006-5467
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...
ruby -- cgi.rb library Denial of Service
Official ruby site reports: A vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as...
Lib CGI 0.1 - Include Buffer Overflow
// source: https://www.securityfocus.com/bid/6264/info Lib CGI is a freely available, open source CGI library for C programmers. It is available for Unix and Linux operating systems. It has been reported that a buffer overflow exists in the Lib CGI development library. Due to improper bounds...