CVE-2006-5467 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5467
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5467

Description: The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-371-1 SUSE http://www.novell.com/linux/security/advisories/2006_26_sr.html ST 1017194 SGI SAID Secunia Advisory: SA22761 Secunia Advisory: SA22624 Secunia Advisory: SA22615 Secunia Advisory: SA22929 Secunia Advisory: SA23040 Secunia Advisory: SA23344 Secunia Advisory: SA22932 Secunia Advisory: SA25402 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0729.html OPENPKG http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html MLIST http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:192 GENTOO http://security.gentoo.org/glsa/glsa-200611-12.xml DEBIAN http://www.debian.org/security/2006/dsa-1235 http://www.debian.org/security/2006/dsa-1234 CONFIRM http://docs.info.apple.com/article.html?artnum=305530 BID 20777 APPLE http://lists.apple.com/archives/security-announce/2007/May/msg00004.html

Return to the previous page.