Description
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
Affected products
- gentoo / linux
- mandrakesoft / mandrake_linux 9.2 – 9.2
- mandrakesoft / mandrake_linux 10.0 – 10.0
- mandrakesoft / mandrake_linux 10.1 – 10.1
- mandrakesoft / mandrake_linux_corporate_server 2.1 – 2.1
- Ubuntu / ubuntu_linux 4.1 – 4.1
- yukihiro_matsumoto / ruby 1.8.2_pre1 – 1.8.2_pre1
- yukihiro_matsumoto / ruby 1.8.1 – 1.8.1
- yukihiro_matsumoto / ruby 1.8 – 1.8
- yukihiro_matsumoto / ruby 1.6.7 – 1.6.7
- yukihiro_matsumoto / ruby 1.6 – 1.6
- yukihiro_matsumoto / ruby 1.8.2_pre2 – 1.8.2_pre2
References
- MISC: http://www.redhat.com/support/errata/RHSA-2004-635.html
- VENDOR_ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2004:128
- MISC: http://www.securityfocus.com/bid/11618
- MISC: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268
- VENDOR_ADVISORY: https://usn.ubuntu.com/20-1/
- VENDOR_ADVISORY: http://www.debian.org/security/2004/dsa-586
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/17985