Information Security



CVE: CVE-2006-5467
Status: Candidate
Description: The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
Severity: Low
CVSS score: 2.3
CVSS vector: (AV:R/AC:L/Au:NR/C:N/I:N/A:P/B:N)
Phase: Assigned (23.10.2006)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5467
References:
 APPLE : APPLE-SA-2007-05-24
 BID : 20777
 CONFIRM : http://docs.info.apple.com/article.html?artnum=305530
 DEBIAN : DSA-1234
 DEBIAN : DSA-1235
 FRSIRT : ADV-2006-4244
 FRSIRT : ADV-2006-4245
 FRSIRT : ADV-2007-1939
 GENTOO : GLSA-200611-12
 MANDRIVA : MDKSA-2006:192
 MLIST : [mongrel-users] 20061025 [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack
 OPENPKG : OpenPKG-SA-2006.030
 REDHAT : RHSA-2006:0729
 SECTRACK : 1017194
 SECUNIA : 22615
 SECUNIA : 22624
 SECUNIA : 22761
 SECUNIA : 22929
 SECUNIA : 22932
 SECUNIA : 23040
 SECUNIA : 23344
 SECUNIA : 25402
 SGI : 20061101-01-P
 SUSE : SUSE-SR:2006:026
 UBUNTU : USN-371-1

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


