FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- DoS vulnerability in WEBrick

Affected packages
1.8.*,1 <= ruby < 1.8.6.111_5,1
1.9.*,1 <= ruby < 1.9.1.0,1
1.8.*,1 <= ruby+oniguruma < 1.8.6.111_5,1
1.9.*,1 <= ruby+oniguruma < 1.9.1.0,1
1.8.*,1 <= ruby+pthreads < 1.8.6.111_5,1
1.9.*,1 <= ruby+pthreads < 1.9.1.0,1
1.8.*,1 <= ruby+pthreads+oniguruma < 1.8.6.111_5,1
1.9.*,1 <= ruby+pthreads+oniguruma < 1.9.1.0,1

Details

VuXML ID f7ba20aa-6b5a-11dd-9d79-001fc61c2a55
Discovery 2008-08-08
Entry 2008-08-16
Modified 2010-05-12

The official Ruby site reports:

WEBrick::HTTP::DefaultFileHandler is faulty of exponential time taking requests due to a backtracking regular expression in WEBrick::HTTPUtils.split_header_value.
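
Added example, not WEBrick's code and not the fix shipped by the Ruby project: one way to split a comma-separated header value with a hand-written scanner that runs in linear time, instead of a regular expression that can backtrack. The name split_header_value_linear, the 8192-byte cap and the sample inputs are assumptions made for this illustration.

```ruby
require "strscan"

# Hypothetical helper (not WEBrick's implementation): split a comma-separated
# HTTP header value into items, keeping double-quoted strings (with backslash
# escapes) intact. Each pattern matches one token at the scan position and
# never re-reads earlier input, so the work is linear in the input length.
MAX_HEADER_VALUE = 8192 # assumed cap; pick one that fits the server

def split_header_value_linear(str)
  raise ArgumentError, "header value too long" if str.bytesize > MAX_HEADER_VALUE

  items = []
  current = +""
  ss = StringScanner.new(str)
  until ss.eos?
    if ss.scan(/"/)                          # start of a quoted string
      current << '"'
      loop do
        if (chunk = ss.scan(/[^"\\]+/))      # run of ordinary characters
          current << chunk
        elsif (esc = ss.scan(/\\./m))        # backslash escape, e.g. \"
          current << esc
        elsif ss.scan(/"/)                   # closing quote
          current << '"'
          break
        else                                 # end of input or lone backslash
          raise ArgumentError, "unterminated quoted string"
        end
      end
    elsif ss.scan(/,/)                       # item separator outside quotes
      items << current.strip unless current.strip.empty?
      current = +""
    else
      current << ss.scan(/[^",]+/)           # unquoted run up to , or "
    end
  end
  items << current.strip unless current.strip.empty?
  items
end

if __FILE__ == $0
  # Constructed sample input, not taken from a real request.
  p split_header_value_linear('W/"etag,1", "etag2", plain')
end
```

Malformed or oversized values are rejected with ArgumentError rather than retried, so a caller can answer such a request with a 400 response at a bounded cost.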

References

CVE Name CVE-2008-3655
CVE Name CVE-2008-3656
CVE Name CVE-2008-3905
URL http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/