FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- UTF-7 encoding XSS vulnerability in WEBrick

Affected packages
1.8.*,1 <= ruby < 1.8.7.248_3,1
1.9.*,1 <= ruby < 1.9.1.430,1
1.8.*,1 <= ruby+oniguruma < 1.8.7.248_3,1
1.9.*,1 <= ruby+oniguruma < 1.9.1.430,1
1.8.*,1 <= ruby+pthreads < 1.8.7.248_3,1
1.9.*,1 <= ruby+pthreads < 1.9.1.430,1
1.8.*,1 <= ruby+pthreads+oniguruma < 1.8.7.248_3,1
1.9.*,1 <= ruby+pthreads+oniguruma < 1.9.1.430,1

Details

VuXML ID 34e0316a-aa91-11df-8c2e-001517289bf8
Discovery 2010-08-16
Entry 2010-08-17
Modified 2010-08-20

The official ruby site reports:

WEBrick has had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1; however, some user agents do not.

References

Bugtraq ID 40895
CVE Name CVE-2010-0541
URL http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/