CVE-2008-3656
Priority
Medium
Description
Algorithmic complexity vulnerability in the
WEBrick::HTTPUtils.split_header_value function in
WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier,
1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423
allows context-dependent attackers to cause a denial of service (CPU
consumption) via a crafted HTTP request that is processed by a backtracking
regular expression.
WEBrick::HTTPUtils.split_header_value function in
WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier,
1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423
allows context-dependent attackers to cause a denial of service (CPU
consumption) via a crafted HTTP request that is processed by a backtracking
regular expression.
References
Assigned-to
jdstrand
Package
| Upstream: | released (1.8.7.72-1) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (1.8.6.111-2ubuntu1.2) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (1.8.7.72-1) |
| Ubuntu 11.04 (Natty Narwhal): | not-affected (1.8.7.72-1) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (1.8.7.72-1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (1.8.7.72-1) |
Package
| Upstream: | released (1.9.0.2-7) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (1.9.0.2-7) |
| Ubuntu 11.04 (Natty Narwhal): | DNE (pulled 2010-07-27) |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE (pulled 2010-07-27) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE (pulled 2010-07-27) |