JVNDB-2004-000473

[Japanese]
JVNDB-2004-000473
Ruby cgi.rb Denial of Service Vulnerability
Overview
Ruby cgi.rb enters an infinite loop which leads it into Ddenial of Service (DoS) due to improper input validation.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 5.0 (Medium) [NVD Score] Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
Affected Products

Ruby Ruby 1.6.7 and earlier Ruby 1.8.1 and earlier Cybertrust Japan Co., Ltd. Asianux Server 3.0 Turbolinux, Inc. Turbolinux 10_f Turbolinux Desktop 10 Turbolinux Server 10 Turbolinux Server 7 Turbolinux Server 8 Turbolinux Workstation 7 Turbolinux Workstation 8 Turbolinux Home Red Hat, Inc. Red Hat Enterprise Linux 2.1 (as) Red Hat Enterprise Linux 3 (as) Red Hat Enterprise Linux 2.1 (es) Red Hat Enterprise Linux 3 (es) Red Hat Enterprise Linux 2.1 (ws) Red Hat Enterprise Linux 3 (ws) Red Hat Enterprise Linux Desktop 3.0

Impact
An attacker could cause a Denial of Service (DoS) onto the systems.
Solution
Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information
Ruby Ruby : Top Page Cybertrust Japan Co., Ltd. MIRACLE LINUX Update Information : ruby (V3.0) (Japanese) Turbolinux, Inc. Turbolinux Security Advisory : TLSA-2005-15 Red Hat, Inc. Red Hat Security Advisory : RHSA-2004:635
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2004-0983
References
National Vulnerability Database (NVD) : CVE-2004-0983 Secunia Advisory : SA13123 SecurityFocus : 11618 ISS X-Force Database : 17985 SecurityTracker : 1012120
Revision History
[2008/05/21] Web page published


Date Public	2004/11/08
Date First Published	2008/05/21
Date Last Updated	2008/05/21

Ruby cgi.rb Denial of Service Vulnerability