Regular Expression Denial Of Service (ReDoS)

Description

webrick is vulnerable to regular expression denial of service (ReDoS). An attacker can crash the application by submitting malicious strings in the Authorization header to the authentication module.


Affected Software


Name Version
webrick 1.4.2
webrick 1.4.0.beta1
ruby2.5:eoan 2.5.5-4ubuntu2
ruby2.5:bionic 2.5.1-1ubuntu1
ruby2.3:xenial 2.3.0-5ubuntu1
ruby:3.7 2.4.6-r0
jruby:stretch 1.7.26-1+deb9u1
rh-ruby25-ruby 2.5.0__5.el7
rh-ruby25-ruby 2.5.5__7.el7
rh-ruby25-ruby 2.5.3__6.el7
rh-ruby26-ruby 2.6.2__118.el7
ruby 1.8.5__27.el5
ruby 1.8.5__5.el5
ruby 1.8.7.352__12.el6_4
ruby 1.8.5__5.el5_2.5
ruby 1.8.5__19.el5_6.1
ruby 1.8.7.352__6.el6
ruby 1.8.7.299__7.el6
ruby 1.8.7.352__10.el6_4
ruby 1.8.7.352__7.el6_2
ruby 1.8.5__5.el5_3.7
ruby 1.8.5__29.el5_9
ruby 1.8.7.374__2.el6
ruby 2.0.0.648__36.el7
ruby 2.4.5__90.el7cf
ruby 1.8.5__31.el5_9
ruby 1.8.5__24.el5
ruby 2.0.0.648__39.el7_9
ruby 1.8.5__5.el5_2.3
ruby 1.8.5__22.el5_7.1
ruby 2.0.0.648__35.el7_6
ruby 1.8.5__5.el5_4.8
ruby 2.0.0.598__25.ael7b_1
ruby 1.8.7.299__4.el6
ruby 1.8.5__5.el5_1.1
ruby 1.8.5__5.el5_2.6
ruby 1.8.7.374__3.el6_6
ruby 1.8.7.352__3.el6
ruby 1.8.7.374__5.el6
ruby 2.4.9__93.el7cf
ruby 1.8.7.299__5.el6_0.1
ruby 2.0.0.648__34.el7_6
ruby 1.8.7.352__4.el6_2
ruby 1.8.7.299__7.el6_1.1
ruby 2.4.6__91.el7cf
ruby 1.8.7.374__4.el6_6
ruby 1.8.7.352__13.el6
