jvndb-2006-000753
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Ruby cgi.rb Denial of Service Vulnerability
Details
The cig.rb class in Ruby cannot handle HTTP requests with MIME multipart data set with an invalid boundry, which could trigger an infinate loop and result in consuming a large amount of CPU respurces.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000753.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The cig.rb class in Ruby cannot handle HTTP requests with MIME multipart data set with an invalid boundry, which could trigger an infinate loop and result in consuming a large amount of CPU respurces.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000753.html",
"sec:cpe": [
{
"#text": "cpe:/a:ruby-lang:ruby",
"@product": "Ruby",
"@vendor": "Ruby",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux",
"@product": "Turbolinux",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
"@product": "Turbolinux Appliance Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_desktop",
"@product": "Turbolinux Desktop",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_home",
"@product": "Turbolinux Home",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_multimedia",
"@product": "Turbolinux Multimedia",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_personal",
"@product": "Turbolinux Personal",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000753",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467",
"@id": "CVE-2006-5467",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5467",
"@id": "CVE-2006-5467",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/13123/",
"@id": "SA13123",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/20777",
"@id": "20777",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/4244",
"@id": "FrSIRT/ADV-2006-4244",
"@source": "FRSIRT"
}
],
"title": "Ruby cgi.rb Denial of Service Vulnerability"
}
Loading...