ID CVE-2006-6303
Summary The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
References
Vulnerable Configurations
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.1
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2_pre1
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2_pre2
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.3
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.4
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.5
CVSS
Base: 5.0 (as of 06-12-2006 - 15:38)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200612-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-200612-21 (Ruby: Denial of Service vulnerability) The read_multipart function of the CGI library shipped with Ruby (cgi.rb) does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-12. Impact : The vulnerability can be exploited by sending the cgi.rb library a crafted HTTP request with multipart MIME encoding that contains a malformed MIME boundary specifier. Successful exploitation of the vulnerability causes the library to go into an infinite loop. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 23958
    published 2006-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23958
    title GLSA-200612-21 : Ruby: Denial of Service vulnerability
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-005.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25297
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25297
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-005)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11442.NASL
    description The ruby package was updated to fix a denial of service problem in its CGI module when parsing multipart MIME messages. (CVE-2006-6303)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41118
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41118
    title SuSE9 Security Update : ruby (YOU Patch Number 11442)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-2654.NASL
    description The ruby package was updated to fix a denial of service problem in its CGI module when parsing multipart MIME messages. (CVE-2006-6303)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29572
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29572
    title SuSE 10 Security Update : ruby (ZYPP Patch Number 2654)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-394-1.NASL
    description An error was found in Ruby's CGI library that did not correctly quote the boundary of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 27980
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27980
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-394-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A8674C1483D711DB88D50012F06707F0.NASL
    description The official ruby site reports : Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 23771
    published 2006-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23771
    title FreeBSD : ruby -- cgi.rb library Denial of Service (a8674c14-83d7-11db-88d5-0012f06707f0)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0961.NASL
    description From Red Hat Security Advisory 2007:0961 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303) An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770) Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67584
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67584
    title Oracle Linux 4 : ruby (ELSA-2007-0961)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0961.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303) An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770) Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 28201
    published 2007-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28201
    title RHEL 4 : ruby (RHSA-2007:0961)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0562.NASL
    description From Red Hat Security Advisory 2008:0562 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726) It was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. A remote attacker could send a specially crafted request and cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303) Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67717
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67717
    title Oracle Linux 3 : ruby (ELSA-2008-0562)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0562.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726) It was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. A remote attacker could send a specially crafted request and cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303) Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33496
    published 2008-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33496
    title RHEL 2.1 / 3 : ruby (RHSA-2008:0562)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080714_RUBY_ON_SL3_X.NASL
    description Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726) It was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664) A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. A remote attacker could send a specially crafted request and cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60441
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60441
    title Scientific Linux Security Update : ruby on SL3.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0562.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726) It was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. A remote attacker could send a specially crafted request and cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303) Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33489
    published 2008-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33489
    title CentOS 3 : ruby (CESA-2008:0562)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-2655.NASL
    description The ruby package was updated to fix a denial of service problem in its CGI module when parsing multipart MIME messages. (CVE-2006-6303)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27423
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27423
    title openSUSE 10 Security Update : ruby (ruby-2655)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-225.NASL
    description Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24609
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24609
    title Mandrake Linux Security Advisory : ruby (MDKSA-2006:225)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0961.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303) An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770) Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37552
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37552
    title CentOS 4 : ruby (CESA-2007:0961)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071113_RUBY_ON_SL5_X.NASL
    description A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303) An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60301
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60301
    title Scientific Linux Security Update : ruby on SL5.x, SL4.x i386/x86_64
oval via4
accepted 2013-04-29T04:06:27.998-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
family unix
id oval:org.mitre.oval:def:10529
status accepted
submitted 2010-07-09T03:56:16-04:00
title The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
version 23
redhat via4
advisories
rhsa
id RHSA-2007:0961
rpms
  • irb-0:1.8.1-7.EL4.8.1
  • ruby-0:1.8.1-7.EL4.8.1
  • ruby-devel-0:1.8.1-7.EL4.8.1
  • ruby-docs-0:1.8.1-7.EL4.8.1
  • ruby-libs-0:1.8.1-7.EL4.8.1
  • ruby-mode-0:1.8.1-7.EL4.8.1
  • ruby-tcltk-0:1.8.1-7.EL4.8.1
  • irb-0:1.6.8-12.el3
  • ruby-0:1.6.8-12.el3
  • ruby-devel-0:1.6.8-12.el3
  • ruby-docs-0:1.6.8-12.el3
  • ruby-libs-0:1.6.8-12.el3
  • ruby-mode-0:1.6.8-12.el3
  • ruby-tcltk-0:1.6.8-12.el3
refmap via4
apple APPLE-SA-2007-05-24
bid 21441
confirm
gentoo GLSA-200612-21
jvn JVN#84798830
mandriva MDKSA-2006:225
misc
sectrack 1017363
secunia
  • 23165
  • 23268
  • 23454
  • 25402
  • 27576
  • 31090
suse SUSE-SR:2007:004
ubuntu USN-394-1
vupen
  • ADV-2006-4855
  • ADV-2007-1939
xf ruby-cgi-library-dos(30734)
statements via4
contributor Joshua Bressers
lastmodified 2008-07-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. For other versions of Red Hat Enterprise Linux see http://rhn.redhat.com/cve/CVE-2006-6303.html
Last major update 07-03-2011 - 21:45
Published 06-12-2006 - 14:28
Last modified 10-10-2017 - 21:31