FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- cgi.rb library Denial of Service

Affected packages
1.8.*,1 <= ruby < 1.8.5_5,1
1.8.*,1 <= ruby+oniguruma < 1.8.5_5,1
1.8.*,1 <= ruby+pthreads < 1.8.5_5,1
1.8.*,1 <= ruby+pthreads+oniguruma < 1.8.5_5,1
1.8.*,1 <= ruby_static

Details

VuXML ID a8674c14-83d7-11db-88d5-0012f06707f0
Discovery 2006-12-04
Entry 2006-12-04
Modified 2010-05-12

The official Ruby site reports:

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.

References

CVE Name CVE-2006-6303
URL http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/