Executive Summary

| Summary | |
|---|---|
| Title | New ruby packages fix denial of service |

| Information | | | |
|---|---|---|---|
| Name | DSA-586 | First vendor Publication | 2004-11-08 |
| Vendor | Debian | Last vendor Modification | 2004-11-08 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3

| CVSS vector: N/A | | | |
|---|---|---|---|
| Overall CVSS Score | NA | | |
| Base Score | NA | Environmental Score | NA |
| Impact Sub Score | NA | Temporal Score | NA |
| Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2

| CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) | | | |
|---|---|---|---|
| CVSS Base Score | 5 | Attack Range | Network |
| CVSS Impact Score | 2.9 | Attack Complexity | Low |
| CVSS Exploit Score | 10 | Authentication | None Required |
Detail

The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to consume CPU cycles. For the stable distribution (woody) this problem has been fixed in version ruby_1.6.7-3woody4. For the unstable distribution (sid) this problem has been fixed in version 1.6.8-12 of ruby1.6 and in version 1.8.1+1.8.2pre2-4 of ruby1.8. We recommend that you upgrade your ruby packages.
Original Source

Url: http://www.debian.org/security/2004/dsa-586
OVAL Definitions

| Definition Id: oval:org.mitre.oval:def:10268 | | | |
|---|---|---|---|
| Oval ID: | oval:org.mitre.oval:def:10268 | | |
| Title: | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. | | |
| Description: | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. | | |
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0983 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3 | Product(s): | |
OpenVAS Exploits

| Date | Name | File |
|---|---|---|
| 2009-10-10 | SLES9: Security update for ruby | nvt/sles9p5013198.nasl |
| 2008-09-24 | Gentoo Security Advisory GLSA 200411-23 (Ruby) | nvt/glsa_200411_23.nasl |
| 2008-09-04 | FreeBSD Ports: ruby, ruby_r | nvt/freebsd_ruby.nasl |
| 2008-01-17 | Debian Security Advisory DSA 586-1 (ruby) | nvt/deb_586_1.nasl |
| 2005-11-03 | cgi.rb | nvt/cgi_rb.nasl |
Open Source Vulnerability Database (OSVDB)

| Id | Description |
|---|---|
| 11534 | Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS |
Nessus® Vulnerability Scanner

| Date | Name | File | Type |
|---|---|---|---|
| 2009-04-23 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_d656296b33ff11d9a9e70001020eed82.nasl | ACT_GATHER_INFO |
| 2007-11-10 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-371-1.nasl | ACT_GATHER_INFO |
| 2007-11-10 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-394-1.nasl | ACT_GATHER_INFO |
| 2007-02-18 | The remote Mandrake Linux host is missing one or more security updates. | mandrake_MDKSA-2006-192.nasl | ACT_GATHER_INFO |
| 2007-02-18 | The remote Mandrake Linux host is missing one or more security updates. | mandrake_MDKSA-2006-225.nasl | ACT_GATHER_INFO |
| 2006-12-14 | The remote Debian host is missing a security-related update. | debian_DSA-1234.nasl | ACT_GATHER_INFO |
| 2006-01-15 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-20-1.nasl | ACT_GATHER_INFO |
| 2004-12-13 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2004-635.nasl | ACT_GATHER_INFO |
| 2004-11-17 | The remote Fedora Core host is missing a security update. | fedora_2004-402.nasl | ACT_GATHER_INFO |
| 2004-11-17 | The remote Fedora Core host is missing a security update. | fedora_2004-403.nasl | ACT_GATHER_INFO |
| 2004-11-16 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200411-23.nasl | ACT_GATHER_INFO |
| 2004-11-13 | The remote web server is hosting a CGI application that is affected by a deni... | cgi_rb.nasl | ACT_GATHER_INFO |
| 2004-11-10 | The remote Debian host is missing a security-related update. | debian_DSA-586.nasl | ACT_GATHER_INFO |
| 2004-11-09 | The remote Mandrake Linux host is missing one or more security updates. | mandrake_MDKSA-2004-128.nasl | ACT_GATHER_INFO |
Alert History

| Date | Information |
|---|---|
| 2014-02-17 11:33:34 | |