Another vulnerability has been discovered in the CGI library (cgi.rb)
that ships with Ruby which could be used by a malicious user to
create a denial of service attack (DoS).
This vulnerability is open to the public as
JVN#84798830.
Please note that the previous patch
(<URL:http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-cgi-dos-1.patch>)
does not fix this problem.
A specific HTTP request for any web application using cgi.rb
causes CPU consumption on the machine on which the web application
is running.
Many such requests result in a denial of service.
- 1.8 series
-
1.8.5 and all prior versions
- Development version (1.9 series)
-
All versions before 2006-12-04
- 1.8 series
-
Please upgrade to 1.8.5-p2.
<URL:http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p2.tar.gz>
(4519151 bytes, md5sum: a3517a224716f79b14196adda3e88057)
Please note that a package that corrects this weakness may already be available through your package management software.
- Development version (1.9 series)
-
Please update your Ruby to a version after 2006-12-04.
文章来源:
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
posted on 2007-08-16 13:43
小丑鱼 阅读(71)
评论(0) 编辑 收藏