CVE - CVE-2006-5467

CVE-ID
CVE-2006-5467	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[mongrel-users] 20061025 [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack URL:http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html CONFIRM:http://docs.info.apple.com/article.html?artnum=305530 APPLE:APPLE-SA-2007-05-24 URL:http://lists.apple.com/archives/security-announce/2007/May/msg00004.html DEBIAN:DSA-1234 URL:http://www.debian.org/security/2006/dsa-1234 DEBIAN:DSA-1235 URL:http://www.debian.org/security/2006/dsa-1235 GENTOO:GLSA-200611-12 URL:http://security.gentoo.org/glsa/glsa-200611-12.xml MANDRIVA:MDKSA-2006:192 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:192 OPENPKG:OpenPKG-SA-2006.030 URL:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html REDHAT:RHSA-2006:0729 URL:http://www.redhat.com/support/errata/RHSA-2006-0729.html SGI:20061101-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P SUSE:SUSE-SR:2006:026 URL:http://www.novell.com/linux/security/advisories/2006_26_sr.html UBUNTU:USN-371-1 URL:http://www.ubuntu.com/usn/usn-371-1 BID:20777 URL:http://www.securityfocus.com/bid/20777 OVAL:oval:org.mitre.oval:def:10185 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185 VUPEN:ADV-2006-4244 URL:http://www.vupen.com/english/advisories/2006/4244 VUPEN:ADV-2006-4245 URL:http://www.vupen.com/english/advisories/2006/4245 VUPEN:ADV-2007-1939 URL:http://www.vupen.com/english/advisories/2007/1939 SECTRACK:1017194 URL:http://securitytracker.com/id?1017194 SECUNIA:22615 URL:http://secunia.com/advisories/22615 SECUNIA:22624 URL:http://secunia.com/advisories/22624 SECUNIA:22761 URL:http://secunia.com/advisories/22761 SECUNIA:22929 URL:http://secunia.com/advisories/22929 SECUNIA:23040 URL:http://secunia.com/advisories/23040 SECUNIA:23344 URL:http://secunia.com/advisories/23344 SECUNIA:22932 URL:http://secunia.com/advisories/22932 SECUNIA:25402 URL:http://secunia.com/advisories/25402
Assigning CNA
N/A
Date Entry Created
20061023	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061023)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org