Sha256: b2fc0e4e4bb4f8eb0b019e51b8192e873a7a031b1f5fc2dead0582c23a4411de

Contents?: true

Size: 696 Bytes

Versions: 6

Compression:

Stored size: 696 Bytes

Contents

---
engine: ruby
cve: 2008-3656
url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
title: Ruby WEBrick::HTTP::DefaultFileHandler DoS
date: 2008-08-08
description: |
  Algorithmic complexity vulnerability in the
  WEBrick::HTTPUtils.split_header_value function in
  WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6
  through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows
  context-dependent attackers to cause a denial of service (CPU consumption)
  via a crafted HTTP request that is processed by a backtracking regular
  expression.
cvss_v2: 7.8
patched_versions:
  - ~> 1.8.6.287
  - ~> 1.8.7.72
  - ">= 1.9.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2008-3656.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/CVE-2008-3656.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2008-3656.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2008-3656.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/CVE-2008-3656.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/ruby/CVE-2008-3656.yml