CVE-2006-5467

Published: 27/10/2006 Updated: 11/10/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The cgi.rb CGI library for Ruby 1.8 allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

Vulnerable Product

yukihiro matsumoto ruby 1.8

Vendor Advisories

An error was found in Ruby’s CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU ...
A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming. For the stable distribution (sarge), this problem has been fixed in version 182-7sarge5. We recommend that you upgrade your ruby18 package ...
A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming. For the stable distribution (sarge), this problem has been fixed in version 168-12sarge3. We recommend that you upgrade your ruby16 package ...