5

CVE-2006-5467

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yukihiro MatsumotoRuby Version1.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.07% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
Patch
Vendor Advisory
http://docs.info.apple.com/article.html?artnum=305530
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://secunia.com/advisories/22929
Patch
Vendor Advisory
http://secunia.com/advisories/25402
Vendor Advisory
http://www.vupen.com/english/advisories/2007/1939
Vendor Advisory
http://secunia.com/advisories/22932
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_26_sr.html
Patch
Vendor Advisory
http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
http://secunia.com/advisories/22615
Patch
Vendor Advisory
http://secunia.com/advisories/22624
Patch
Vendor Advisory
http://secunia.com/advisories/22761
Patch
Vendor Advisory
http://secunia.com/advisories/23040
Patch
Vendor Advisory
http://secunia.com/advisories/23344
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200611-12.xml
Patch
Vendor Advisory
http://securitytracker.com/id?1017194
Patch
http://www.debian.org/security/2006/dsa-1234
http://www.debian.org/security/2006/dsa-1235
http://www.mandriva.com/security/advisories?name=MDKSA-2006:192
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0729.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/20777
Patch
http://www.ubuntu.com/usn/usn-371-1
Patch
http://www.vupen.com/english/advisories/2006/4244
Vendor Advisory
http://www.vupen.com/english/advisories/2006/4245
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185