Published: 2006/12/04  Last Updated: 2008/05/21

JVN#84798830
Denial of service vulnerability in Ruby CGI library (cgi.rb)

Overview

cgi.rb, a standard library in Ruby, contains a denial of service vulnerability.

This vulnerability is different from CVE-2006-5467.

Products Affected

  • 1.8 series
    1.8.5 and all previous versions
  • Developer version (1.9 series)
    2006-12-04 and all previous versions
For more information, refer to the vendor's website.

Description

Impact

A remote attacker could possibly conduct a DoS attack on a Ruby server by sending it a specially crafted request.

Solution

References

JPCERT/CC Addendum

Credit

Jun Ohmae of OpenGroove, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000808

Update History