Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13ZnJjLXI2YzYtN2o5cs2-Rw
WEBrick Denial of Service Vulnerability
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
Permalink: https://github.com/advisories/GHSA-wfrc-r6c6-7j9rJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13ZnJjLXI2YzYtN2o5cs2-Rw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
Identifiers: GHSA-wfrc-r6c6-7j9r, CVE-2008-4310
References:
- https://nvd.nist.gov/vuln/detail/CVE-2008-4310
- https://bugzilla.redhat.com/show_bug.cgi?id=470252
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250
- http://www.openwall.com/lists/oss-security/2008/12/04/2
- http://www.redhat.com/support/errata/RHSA-2008-0981.html
- https://github.com/ruby/webrick/commit/b2ccd5ff7ddd67a4548299e110dcc5a4728a5534
- https://web.archive.org/web/20111230125610/http://secunia.com/advisories/33013
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2008-4310.yml
- https://github.com/advisories/GHSA-wfrc-r6c6-7j9r
Blast Radius: 0.0
Affected Packages
rubygems:webrick
Dependent packages: 368Dependent repositories: 46,333
Downloads: 222,371,739 total
Affected Version Ranges: < 1.3.1
Fixed in: 1.3.1
All affected versions:
All unaffected versions: 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.7.0, 1.8.0, 1.8.1