Lucene search
UbuntuUSN-273-1HistoryApr 24, 2006 - 12:00 a.m.
Ruby vulnerability
2006-04-2400:00:00
ubuntu.com
30
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.044 Low
EPSS
Percentile
92.5%
Releases
- Ubuntu 5.10
- Ubuntu 5.04
- Ubuntu 4.10
Details
Yukihiro Matsumoto reported that Ruby’s HTTP module uses blocking
sockets. By sending large amounts of data to a server application that
uses this module, a remote attacker could exploit this to render this
application unusable and not respond any more to other clients (Denial
of Service).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 5.10 | noarch | libruby1.8 | < * | UNKNOWN |
| Ubuntu | 5.10 | noarch | libwebrick-ruby1.8 | < * | UNKNOWN |
| Ubuntu | 5.04 | noarch | libruby1.8 | < * | UNKNOWN |
| Ubuntu | 5.04 | noarch | libwebrick-ruby1.8 | < * | UNKNOWN |
| Ubuntu | 4.10 | noarch | libruby1.8 | < * | UNKNOWN |
| Ubuntu | 4.10 | noarch | libwebrick-ruby1.8 | < * | UNKNOWN |
References
Related
redhat
redhat
(RHSA-2006:0427) ruby security update
2006-05-09 00:00:00
nessus
nessus
CentOS 4 : ruby (CESA-2006:0427)
2006-07-05 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : ruby1.8 vulnerability (USN-273-1)
2006-04-26 00:00:00
RHEL 4 : ruby (RHSA-2006:0427)
2006-05-13 00:00:00
gentoo
gentoo
Ruby: Denial of service
2006-05-10 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200605-11 (ruby)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200605-11 (ruby)
2008-09-24 00:00:00
Debian Security Advisory DSA 1157-1 (ruby1.8)
2008-01-17 00:00:00
nvd
nvd
CVE-2006-1931
2006-04-20 21:02:00
centos
centos
irb, ruby security update
2006-05-09 13:14:56
ubuntucve
ubuntucve
CVE-2006-1931
2006-04-20 00:00:00
cve
cve
CVE-2006-1931
2006-04-20 21:02:00
prion
prion
Design/Logic Flaw
2006-04-20 21:02:00
cvelist
cvelist
CVE-2006-1931
2006-04-20 21:00:00
osv
osv
ruby1.8
2006-08-27 00:00:00
debian
debian
[SECURITY] [DSA 1157-1] New ruby1.8 packages fix several vulnerabilities
2006-08-27 19:51:21
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.044 Low
EPSS
Percentile
92.5%
Related for USN-273-1