CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2006-6303 – ruby's cgi.rb vulnerable infinite loop DoS
https://notcve.org/view.php?id=CVE-2006-6303
06 Dec 2006 — The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. La función read_multipart en cgi.rb de Ruby anterior a 1.8.5-p2 no detecta adecuadamente los límites en contenido MIME multipart, lo cual permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante una petición HTTP a... • http://bugs.gentoo.org/show_bug.cgi?id=157048 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 0CVE-2006-5467 – Ruby CGI multipart parsing DoS
https://notcve.org/view.php?id=CVE-2006-5467
27 Oct 2006 — The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. La libreria CGI cgi.rb para Ruby 1.8 permite a un atacante remoto provocar denegación de servicio (bucle infinito y consumo de CPU) a través de una respuesta HTTP con un cuerpo multiparte M... • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2006-3694
https://notcve.org/view.php?id=CVE-2006-3694
19 Jul 2006 — Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". Múltiples vulnerabilidades no especificadas en Ruby anterior a 1.8.5 permite a atacantes remotos evitar la validación "nivel de seguro" a través de vectores no especificados afectando a la función (1)alias y (2) "operaciones de directorio". • ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P •
CVSS: 7.5EPSS: 14%CPEs: 10EXPL: 1CVE-2006-1931 – Yukihiro Matsumoto Ruby 1.x - XMLRPC Server Denial of Service
https://notcve.org/view.php?id=CVE-2006-1931
20 Apr 2006 — The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. • https://www.exploit-db.com/exploits/27723 •
CVSS: 9.8EPSS: 20%CPEs: 12EXPL: 0CVE-2005-2337
https://notcve.org/view.php?id=CVE-2005-2337
07 Oct 2005 — Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). • http://jvn.jp/jp/JVN%2362914675/index.html •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0CVE-2005-1992
https://notcve.org/view.php?id=CVE-2005-1992
20 Jun 2005 — The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. • http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237 •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0CVE-2004-0983
https://notcve.org/view.php?id=CVE-2004-0983
19 Nov 2004 — The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. • http://www.debian.org/security/2004/dsa-586 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-0755
https://notcve.org/view.php?id=CVE-2004-0755
19 Aug 2004 — The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. La capacidad FileStore en CGI::Session de Ruby anteriores a 1.8.1, y posiblemente PStore, crea ficheros con permisos no seguros, lo que puede permitir a usuarios locales robar información de sesión secuestrar sesiones. • http://secunia.com/advisories/12290 •