5

CVE-2006-1931

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yukihiro MatsumotoRuby Version1.6
Yukihiro MatsumotoRuby Version1.6.1
Yukihiro MatsumotoRuby Version1.6.2
Yukihiro MatsumotoRuby Version1.6.3
Yukihiro MatsumotoRuby Version1.6.4
Yukihiro MatsumotoRuby Version1.6.5
Yukihiro MatsumotoRuby Version1.6.6
Yukihiro MatsumotoRuby Version1.6.7
Yukihiro MatsumotoRuby Version1.8
Yukihiro MatsumotoRuby Version1.8.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.19% 0.951
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/16904
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch
Patch
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787
Patch
http://secunia.com/advisories/19772
http://secunia.com/advisories/19804
http://secunia.com/advisories/20024
http://secunia.com/advisories/20064
http://secunia.com/advisories/20457
http://secunia.com/advisories/21657
http://securitytracker.com/id?1015978
http://www.debian.org/security/2006/dsa-1157
http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:079
http://www.novell.com/linux/security/advisories/2006-06-02.html
http://www.osvdb.org/24972
http://www.redhat.com/support/errata/RHSA-2006-0427.html
http://www.securityfocus.com/bid/17645
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/26102
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11100
https://usn.ubuntu.com/273-1/