FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3656

This CVE name corresponds to:

Entered Topic
2008-08-16 ruby -- DoS vulnerability in WEBrick
ruby -- multiple vulnerabilities in safe level

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-3656
Phase Assigned (20080812)

Description

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

References

Source Reference
BUGTRAQ 20080831 rPSA-2008-0264-1 ruby
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
CONFIRM http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
CONFIRM http://support.apple.com/kb/HT3549
APPLE APPLE-SA-2009-05-12
DEBIAN DSA-1651
DEBIAN DSA-1652
FEDORA FEDORA-2008-8736
FEDORA FEDORA-2008-8738
GENTOO GLSA-200812-17
REDHAT RHSA-2008:0897
UBUNTU USN-651-1
CERT TA09-133A
BID 30644
OVAL oval:org.mitre.oval:def:9682
SECUNIA 35074
VUPEN ADV-2008-2334
SECTRACK 1020654
SECUNIA 31697
SECUNIA 32255
SECUNIA 32256
SECUNIA 33178
SECUNIA 31430
SECUNIA 32165
SECUNIA 32219
SECUNIA 32371
VUPEN ADV-2009-1297
XF ruby-webrick-dos(44371)