ID CVE-2006-1931
Summary The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
References
Vulnerable Configurations
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-10-2018 - 21:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2013-04-29T04:11:31.157-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
family unix
id oval:org.mitre.oval:def:11100
status accepted
submitted 2010-07-09T03:56:16-04:00
title The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
version 29
redhat via4
advisories
bugzilla
id 189539
title CVE-2006-1931 Ruby http/xmlrpc server DoS
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment irb is earlier than 0:1.8.1-7.EL4.3
          oval oval:com.redhat.rhsa:tst:20060427001
        • comment irb is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427002
      • AND
        • comment ruby is earlier than 0:1.8.1-7.EL4.3
          oval oval:com.redhat.rhsa:tst:20060427003
        • comment ruby is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427004
      • AND
        • comment ruby-devel is earlier than 0:1.8.1-7.EL4.3
          oval oval:com.redhat.rhsa:tst:20060427005
        • comment ruby-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427006
      • AND
        • comment ruby-docs is earlier than 0:1.8.1-7.EL4.3
          oval oval:com.redhat.rhsa:tst:20060427007
        • comment ruby-docs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427008
      • AND
        • comment ruby-libs is earlier than 0:1.8.1-7.EL4.3
          oval oval:com.redhat.rhsa:tst:20060427009
        • comment ruby-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427010
      • AND
        • comment ruby-mode is earlier than 0:1.8.1-7.EL4.3
          oval oval:com.redhat.rhsa:tst:20060427011
        • comment ruby-mode is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427012
      • AND
        • comment ruby-tcltk is earlier than 0:1.8.1-7.EL4.3
          oval oval:com.redhat.rhsa:tst:20060427013
        • comment ruby-tcltk is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427014
rhsa
id RHSA-2006:0427
released 2006-05-09
severity Moderate
title ruby security update (Moderate)
rpms
  • irb-0:1.8.1-7.EL4.3
  • ruby-0:1.8.1-7.EL4.3
  • ruby-debuginfo-0:1.8.1-7.EL4.3
  • ruby-devel-0:1.8.1-7.EL4.3
  • ruby-docs-0:1.8.1-7.EL4.3
  • ruby-libs-0:1.8.1-7.EL4.3
  • ruby-mode-0:1.8.1-7.EL4.3
  • ruby-tcltk-0:1.8.1-7.EL4.3
refmap via4
bid 17645
confirm https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540
debian DSA-1157
gentoo GLSA-200605-11
mandriva MDKSA-2006:079
misc
osvdb 24972
sectrack 1015978
secunia
  • 16904
  • 19772
  • 19804
  • 20024
  • 20064
  • 20457
  • 21657
suse SUSE-SR:2006:012
ubuntu USN-273-1
xf ruby-socket-dos(26102)
Last major update 03-10-2018 - 21:40
Published 20-04-2006 - 21:02
Last modified 03-10-2018 - 21:40
Back to Top