Page 10 of 51 results (0.012 seconds)

CVSS: 5.0EPSS: 20%CPEs: 1EXPL: 0

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. La libreria CGI cgi.rb para Ruby 1.8 permite a un atacante remoto provocar denegación de servicio (bucle infinito y consumo de CPU) a través de una respuesta HTTP con un cuerpo multiparte MIME que contiene un limite especifico no valido, como se demosotro usando una especificaión que comenzaba con un "-" en vez de "--" y contiene un ID inconsistente. • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html http://secunia.com/advisories/22615 http://secunia.com/advisories/22624 http://secunia.com/advisories/22761 http://secunia.com/advisories/22929 http://secunia.com/advisories/22932 http://secunia.com/advisories/23040 http • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 4%CPEs: 10EXPL: 1

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. • https://www.exploit-db.com/exploits/27723 ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787 http://secunia.com/advisories/16904 http://secunia.com/advisories/19772 http://secunia.com/advisories/19804 http://secunia.com/advisories/20024 http://secunia.com/advisories/20064 http://secunia.com/advis •

CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). • http://jvn.jp/jp/JVN%2362914675/index.html http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/16904 http://secunia.com/advisories/17094 http://secunia.com/advisories/17098 http://secunia.com/advisories/17129 http://secunia.com/advisories/17147 http://secunia.com/advisories/17285 http://secunia.com/advisories/19130 http://secunia.com/advisories/20077 http://securityreason.com/securityalert/59 http://www.debian.org/security •

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. • http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064 http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html http://secunia.com/advisories/16920 http://www.auscert.org.au/5509 http://www.ciac.org/ciac/bulletins/p-312.shtml http://www.debian.org/security/2005/dsa-748 http://www.kb.cert.org/vuls/id/684913 http://www.novell.com/linux/security/advisories/2005_18_sr.html http •

CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 0

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. • http://www.debian.org/security/2004/dsa-586 http://www.mandriva.com/security/advisories?name=MDKSA-2004:128 http://www.redhat.com/support/errata/RHSA-2004-635.html http://www.securityfocus.com/bid/11618 https://exchange.xforce.ibmcloud.com/vulnerabilities/17985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268 https://usn.ubuntu.com/20-1 https://access.redhat.com/security/cve/CVE-2004-0983 https://bugzilla.redhat.com/show_bug.cgi?id=1 •