FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- DoS vulnerability in WEBrick

Affected packages
1.8.*,1 <= ruby < 1.8.6.111_5,1
1.9.*,1 <= ruby
1.8.*,1 <= ruby+oniguruma < 1.8.6.111_5,1
1.9.*,1 <= ruby+oniguruma
1.8.*,1 <= ruby+pthreads < 1.8.6.111_5,1
1.9.*,1 <= ruby+pthreads
1.8.*,1 <= ruby+pthreads+oniguruma < 1.8.6.111_5,1
1.9.*,1 <= ruby+pthreads+oniguruma

Details

VuXML ID f7ba20aa-6b5a-11dd-9d79-001fc61c2a55
Discovery 2008-08-08
Entry 2008-08-16

The official ruby site reports:

WEBrick::HTTP::DefaultFileHandler is faulty of exponential time taking requests due to a backtracking regular expression in WEBrick::HTTPUtils.split_header_value.

[source]

References

URL http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.