CVE-2006-6303 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-6303
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-6303

Description: The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/30734 UBUNTU http://www.ubuntu.com/usn/usn-394-1 SUSE http://www.novell.com/linux/security/advisories/2007_4_sr.html ST 1017363 SAID Secunia Advisory: SA23454 Secunia Advisory: SA23165 Secunia Advisory: SA23268 Secunia Advisory: SA25402 Secunia Advisory: SA27576 Secunia Advisory: SA31090 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0961.html MISC http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h&only_with_tag=MAIN&r1=text&tr1=1.92&r2=text&tr2=1.91 http://jvn.jp/jp/JVN%2384798830/index.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287 http://bugs.gentoo.org/show_bug.cgi?id=157048 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:225 GENTOO http://security.gentoo.org/glsa/glsa-200612-21.xml CONFIRM http://docs.info.apple.com/article.html?artnum=305530 http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/ BID 21441 APPLE http://lists.apple.com/archives/security-announce/2007/May/msg00004.html

Return to the previous page.