ID CVE-2006-5467
Summary The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
References
Vulnerable Configurations
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8
CVSS
Base: 5.0 (as of 30-10-2006 - 15:56)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_AB8DBE986BE411DBAE910012F06707F0.NASL
    description Official ruby site reports : A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and an invalid boundary specifier that begins with '-' instead of '--'. Once triggered it will exhaust all available memory resources effectively creating a DoS condition.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22938
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22938
    title FreeBSD : ruby -- cgi.rb library Denial of Service (ab8dbe98-6be4-11db-ae91-0012f06707f0)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0729.NASL
    description Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467) Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 23679
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23679
    title RHEL 2.1 / 3 / 4 : ruby (RHSA-2006:0729)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-005.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager, BIND, CoreGraphics, crontabs, fetchmail, file, iChat, mDNSResponder, PPP, ruby, screen, texinfo, VPN
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25297
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25297
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-005)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-2224.NASL
    description A denial of service problem in the CGI multipart parsing of 'ruby' was fixed, which could have allowed remote attackers to effect a denial of service attack against ruby based webservices. (CVE-2006-5467)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29571
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29571
    title SuSE 10 Security Update : ruby (ZYPP Patch Number 2224)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200611-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-200611-12 (Ruby: Denial of Service vulnerability) Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated user. Impact : The vulnerability can be exploited by sending the cgi.rb library an HTTP request with multipart MIME encoding that contains a malformed MIME boundary specifier beginning with '-' instead of '--'. Successful exploitation of the vulnerability causes the library to go into an infinite loop waiting for additional nonexistent input. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 23706
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23706
    title GLSA-200611-12 : Ruby: Denial of Service vulnerability
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1234.NASL
    description A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 23847
    published 2006-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23847
    title Debian DSA-1234-1 : ruby1.6 - denial of service
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-371-1.NASL
    description An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27952
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27952
    title Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-371-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-192.NASL
    description The CGI library in Ruby 1.8 allowed a remote attacker to cause a Denial of Service via an HTTP request with a multipart MIME body that contained an invalid boundary specifier, which would result in an infinite loop and CPU consumption. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24577
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24577
    title Mandrake Linux Security Advisory : ruby (MDKSA-2006:192)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0729.NASL
    description From Red Hat Security Advisory 2006:0729 : Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467) Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67420
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67420
    title Oracle Linux 3 : ruby (ELSA-2006-0729)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0729.NASL
    description Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467) Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37153
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37153
    title CentOS 3 / 4 : ruby (CESA-2006:0729)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1235.NASL
    description A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 23848
    published 2006-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23848
    title Debian DSA-1235-1 : ruby1.8 - denial of service
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0604.NASL
    description Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues. From Red Hat Security Advisory 2006:0604 : A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694) From Red Hat Security Advisory 2006:0729 : A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467)
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67399
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67399
    title Oracle Linux 3 / 4 : ruby (ELSA-2006-0604 / ELSA-2006-0729)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-2219.NASL
    description A denial of service problem in the CGI multipart parsing of 'ruby' was fixed, which could have allowed remote attackers to effect a denial of service attack against ruby based webservices. (CVE-2006-5467)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27422
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27422
    title openSUSE 10 Security Update : ruby (ruby-2219)
oval via4
accepted 2013-04-29T04:03:02.470-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
family unix
id oval:org.mitre.oval:def:10185
status accepted
submitted 2010-07-09T03:56:16-04:00
title The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
version 23
redhat via4
advisories
bugzilla
id 212237
title CVE-2006-5467 Ruby CGI multipart parsing DoS
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment irb is earlier than 0:1.6.8-9.EL3.8
          oval oval:com.redhat.rhsa:tst:20060729014
        • comment irb is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729015
      • AND
        • comment ruby is earlier than 0:1.6.8-9.EL3.8
          oval oval:com.redhat.rhsa:tst:20060729002
        • comment ruby is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729003
      • AND
        • comment ruby-devel is earlier than 0:1.6.8-9.EL3.8
          oval oval:com.redhat.rhsa:tst:20060729010
        • comment ruby-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729011
      • AND
        • comment ruby-docs is earlier than 0:1.6.8-9.EL3.8
          oval oval:com.redhat.rhsa:tst:20060729006
        • comment ruby-docs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729007
      • AND
        • comment ruby-libs is earlier than 0:1.6.8-9.EL3.8
          oval oval:com.redhat.rhsa:tst:20060729008
        • comment ruby-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729009
      • AND
        • comment ruby-mode is earlier than 0:1.6.8-9.EL3.8
          oval oval:com.redhat.rhsa:tst:20060729004
        • comment ruby-mode is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729005
      • AND
        • comment ruby-tcltk is earlier than 0:1.6.8-9.EL3.8
          oval oval:com.redhat.rhsa:tst:20060729012
        • comment ruby-tcltk is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729013
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment irb is earlier than 0:1.8.1-7.EL4.8
          oval oval:com.redhat.rhsa:tst:20060729021
        • comment irb is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729015
      • AND
        • comment ruby is earlier than 0:1.8.1-7.EL4.8
          oval oval:com.redhat.rhsa:tst:20060729017
        • comment ruby is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729003
      • AND
        • comment ruby-devel is earlier than 0:1.8.1-7.EL4.8
          oval oval:com.redhat.rhsa:tst:20060729022
        • comment ruby-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729011
      • AND
        • comment ruby-docs is earlier than 0:1.8.1-7.EL4.8
          oval oval:com.redhat.rhsa:tst:20060729019
        • comment ruby-docs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729007
      • AND
        • comment ruby-libs is earlier than 0:1.8.1-7.EL4.8
          oval oval:com.redhat.rhsa:tst:20060729023
        • comment ruby-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729009
      • AND
        • comment ruby-mode is earlier than 0:1.8.1-7.EL4.8
          oval oval:com.redhat.rhsa:tst:20060729020
        • comment ruby-mode is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729005
      • AND
        • comment ruby-tcltk is earlier than 0:1.8.1-7.EL4.8
          oval oval:com.redhat.rhsa:tst:20060729018
        • comment ruby-tcltk is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060729013
rhsa
id RHSA-2006:0729
released 2006-11-08
severity Moderate
title RHSA-2006:0729: ruby security update (Moderate)
rpms
  • irb-0:1.6.8-9.EL3.8
  • ruby-0:1.6.8-9.EL3.8
  • ruby-devel-0:1.6.8-9.EL3.8
  • ruby-docs-0:1.6.8-9.EL3.8
  • ruby-libs-0:1.6.8-9.EL3.8
  • ruby-mode-0:1.6.8-9.EL3.8
  • ruby-tcltk-0:1.6.8-9.EL3.8
  • irb-0:1.8.1-7.EL4.8
  • ruby-0:1.8.1-7.EL4.8
  • ruby-devel-0:1.8.1-7.EL4.8
  • ruby-docs-0:1.8.1-7.EL4.8
  • ruby-libs-0:1.8.1-7.EL4.8
  • ruby-mode-0:1.8.1-7.EL4.8
  • ruby-tcltk-0:1.8.1-7.EL4.8
refmap via4
apple APPLE-SA-2007-05-24
bid 20777
confirm http://docs.info.apple.com/article.html?artnum=305530
debian
  • DSA-1234
  • DSA-1235
gentoo GLSA-200611-12
mandriva MDKSA-2006:192
mlist [mongrel-users] 20061025 [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack
openpkg OpenPKG-SA-2006.030
sectrack 1017194
secunia
  • 22615
  • 22624
  • 22761
  • 22929
  • 22932
  • 23040
  • 23344
  • 25402
sgi 20061101-01-P
suse SUSE-SR:2006:026
ubuntu USN-371-1
vupen
  • ADV-2006-4244
  • ADV-2006-4245
  • ADV-2007-1939
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 13-09-2013 - 01:21
Published 27-10-2006 - 14:07
Last modified 10-10-2017 - 21:31