Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

This vulnerability has been published as JVN#84798830.

Please note that the previous patch (<URL:http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-cgi-dos-1.patch>) does not fix this problem.

Impact

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.

Vulnerable versions

1.8 series

1.8.5 and all prior versions.

Development version (1.9 series)

All versions before 2006-12-04.

Solution

1.8 series

Please upgrade to 1.8.5-p2.

<URL:http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p2.tar.gz> (4519151 bytes, md5sum: a3517a224716f79b14196adda3e88057)

Please note that a package that corrects this weakness may already be available through your package management software.

Development version (1.9 series)

Please update your Ruby to a version after 2006-12-04.

Source: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/

Posted on 2007-08-16 13:43 by 小丑鱼
