CVE-2006-5467

Properties

Published: 26.10.2006
Updated: 30.10.2006
Patch available:
Severity: Low
CVSS vector: (AV:R/AC:L/Au:NR/C:N/I:N/A:P/B:N)
Product: Yukihiro Matsumoto: Ruby

Vulnerability description

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

References:

MLIST:http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html