FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- DoS vulnerability in WEBrick

Affected packages
1.8.*,1	<=	ruby	<	1.8.6.111_5,1
1.9.*,1	<=	ruby	<	1.9.1.0,1
1.8.*,1	<=	ruby+oniguruma	<	1.8.6.111_5,1
1.9.*,1	<=	ruby+oniguruma	<	1.9.1.0,1
1.8.*,1	<=	ruby+pthreads	<	1.8.6.111_5,1
1.9.*,1	<=	ruby+pthreads	<	1.9.1.0,1
1.8.*,1	<=	ruby+pthreads+oniguruma	<	1.8.6.111_5,1
1.9.*,1	<=	ruby+pthreads+oniguruma	<	1.9.1.0,1

Details

VuXML ID	f7ba20aa-6b5a-11dd-9d79-001fc61c2a55
Discovery	2008-08-08
Entry	2008-08-16
Modified	2010-05-12

The official ruby site reports:

WEBrick::HTTP::DefaultFileHandler is faulty of exponential time taking requests due to a backtracking regular expression in WEBrick::HTTPUtils.split_header_value.

[source]

References

CVE Name	CVE-2008-3655
CVE Name	CVE-2008-3656
CVE Name	CVE-2008-3905
URL	http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.