---
layout: page
title: November 2006 Archives
---

DoS Vulnerability in CGI Library

A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby. A malicious user could exploit it to cause a denial of service (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and has an invalid boundary specifier that begins with “-” instead of “--”. Once triggered, it exhausts all available memory, effectively creating a DoS condition.

Ruby 1.8.5 and all prior versions are vulnerable. This vulnerability has been publicly disclosed as CVE-2006-5467.

Posted by maki on 03 Nov 2006
