[Japanese]

JVNDB-2004-000473

Ruby cgi.rb Denial of Service Vulnerability

Overview

Ruby cgi.rb enters an infinite loop which leads it into Ddenial of Service (DoS) due to improper input validation.
CVSS Severity (What is CVSS?)

Base Metrics: 5.0 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

Affected Products


Ruby
  • Ruby 1.6.7 and earlier
  • Ruby 1.8.1 and earlier
Turbolinux, Inc.
  • Turbolinux 10 Desktop
  • Turbolinux 10 F...
  • Turbolinux 10 Server
  • Turbolinux 7 Server
  • Turbolinux 7 Workstation
  • Turbolinux 8 Server
  • Turbolinux 8 Workstation
  • Turbolinux Home
MIRACLE LINUX CORPORATION
  • MIRACLE LINUX V3.0
Red Hat, Inc.
  • Red Hat Desktop (v.3)
  • Red Hat Enterprise Linux AS (v.2.1)
  • Red Hat Enterprise Linux AS (v.3)
  • Red Hat Enterprise Linux ES (v.2.1)
  • Red Hat Enterprise Linux ES (v.3)
  • Red Hat Enterprise Linux WS (v.2.1)
  • Red Hat Enterprise Linux WS (v.3)

Impact

An attacker could cause a Denial of Service (DoS) onto the systems.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

Ruby Turbolinux, Inc. MIRACLE LINUX CORPORATION
  • MIRACLE LINUX Update Information : ruby (V3.0) (Japanese)
Red Hat, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2004-0983
References

  1. National Vulnerability Database (NVD) : CVE-2004-0983
  2. Secunia Advisory : SA13123
  3. SecurityFocus : 11618
  4. ISS X-Force Database : 17985
  5. SecurityTracker : 1012120
Revision History

[2008/05/21]
  Web page published

Date Public2004/11/08
Date First Published2008/05/21
Date Last Updated2008/05/21