First published: Fri Oct 27 2006 (Updated: )
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix
---|---|---
Ruby | 1.8 | Update to a Ruby 1.8 release that includes the cgi.rb fix for this issue
CVE-2006-5467 is rated moderate severity: its impact is limited to denial of service (no code execution or information disclosure), but it is triggerable remotely by any client that can send a multipart POST to a script that builds a CGI object from the request.
The flaw is in the multipart/form-data handling of cgi.rb in Ruby 1.8. When the delimiter lines in the body do not match the boundary declared in the Content-Type header (the CVE description cites lines that begin with "-" instead of "--" and carry a different identifier), the parser loops without making progress and consumes a CPU until the process is killed; because each CGI request normally runs in its own process, repeating the request ties up further processes.
Exploitation needs nothing more than a crafted HTTP POST whose multipart MIME body contains a malformed or inconsistent boundary, so no authentication or prior knowledge of the application is required.
To mitigate CVE-2006-5467, update Ruby to a release that includes the cgi.rb fix. Note that cgi.rb parses the request body when the CGI object is constructed, so validation inside the script itself runs too late; any interim input validation for multipart requests has to sit in front of the script (web server rules or a reverse proxy that rejects requests whose multipart boundary is malformed) or be applied as a patch to cgi.rb.
CVE-2006-5467 is specific to the cgi.rb shipped with Ruby 1.8. The 1.8 series has been out of support for years, so any application still running it should upgrade rather than rely on workarounds.
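The parsing failure described above, as an added example that is not part of this advisory, the cgi.rb source or the upstream fix: a small Ruby multipart/form-data parser that validates the boundary parameter in Content-Type, requires every delimiter line in the body to match it exactly (so the "-boundary" form and a delimiter with a different identifier are both rejected), and advances strictly on every loop iteration so that it terminates on any input instead of spinning. The function and constant names, the stricter-than-RFC boundary character set and the sample request bodies are this example's own assumptions.

```ruby
# Added example, not the cgi.rb code or the upstream fix: a multipart/form-data
# parser that validates the declared boundary, verifies that every delimiter
# line in the body matches it, and is structured so that each loop iteration
# must advance, so a malformed body is rejected instead of spinning the CPU.
# All request samples below are constructed for this example.

class MalformedMultipart < StandardError; end

# RFC 2046 boundary characters, minus the space the RFC permits; this
# stricter subset is an assumption of this example.
BOUNDARY_CHARS = /\A[0-9A-Za-z'()+_,\-.\/:=?]{1,70}\z/

# Pulls the boundary parameter out of a Content-Type header value, or returns
# nil when the header is not multipart/form-data or the boundary is unusable.
def extract_boundary(content_type)
  return nil unless content_type && content_type =~ /\Amultipart\/form-data\b/i
  m = content_type.match(/;\s*boundary=(?:"([^"]*)"|([^;\s]+))/i)
  return nil unless m
  boundary = m[1] || m[2]
  BOUNDARY_CHARS.match?(boundary) ? boundary : nil
end

# Splits one part into its header hash (lower-cased names) and raw data.
def split_part(raw)
  head, data = raw.split("\r\n\r\n", 2)
  raise MalformedMultipart, "part has no header/body separator" if data.nil?
  headers = {}
  head.split("\r\n").each do |line|
    name, value = line.split(":", 2)
    raise MalformedMultipart, "bad part header: #{line.inspect}" if value.nil?
    headers[name.strip.downcase] = value.strip
  end
  { headers: headers, data: data }
end

# Parses the body and returns an array of parts. Every delimiter must be
# exactly "--" + boundary followed by CRLF (another part) or "--" (the end);
# anything else raises MalformedMultipart rather than being skipped over.
def parse_multipart(content_type, body, max_parts: 100)
  boundary = extract_boundary(content_type)
  raise MalformedMultipart, "missing or invalid boundary parameter" unless boundary
  delim = "--#{boundary}"

  # The first delimiter must open the body or follow a CRLF (after a preamble).
  pos = body.index(delim)
  unless pos && (pos == 0 || (pos >= 2 && body[pos - 2, 2] == "\r\n"))
    raise MalformedMultipart, "first delimiter #{delim.inspect} not found"
  end

  parts = []
  loop do
    raise MalformedMultipart, "more than #{max_parts} parts" if parts.size >= max_parts
    after = pos + delim.bytesize
    tail = body[after, 2]
    return parts if tail == "--" # closing delimiter
    raise MalformedMultipart, "delimiter not followed by CRLF" unless tail == "\r\n"

    nxt = body.index("\r\n#{delim}", after + 2)
    raise MalformedMultipart, "part is not terminated by the boundary" unless nxt

    parts << split_part(body[(after + 2)...nxt])
    pos = nxt + 2 # always greater than the previous pos, so the loop cannot stall
  end
end

# Wrapper for callers that want an outcome tuple rather than an exception.
def safe_parse(content_type, body)
  [:ok, parse_multipart(content_type, body)]
rescue MalformedMultipart => e
  [:rejected, e.message]
end

CONTENT_TYPE = "multipart/form-data; boundary=abc"

# Constructed well-formed request body with two parts.
GOOD_BODY = "--abc\r\n" \
            "Content-Disposition: form-data; name=\"user\"\r\n\r\n" \
            "alice\r\n" \
            "--abc\r\n" \
            "Content-Disposition: form-data; name=\"f\"; filename=\"a.txt\"\r\n" \
            "Content-Type: text/plain\r\n\r\n" \
            "hello\r\n" \
            "--abc--\r\n"

# Constructed body in the shape the CVE describes: delimiter lines start with
# a single "-" and the closing one carries a different identifier.
CVE_SHAPED_BODY = "-abc\r\n" \
                  "Content-Disposition: form-data; name=\"user\"\r\n\r\n" \
                  "alice\r\n" \
                  "-xyz--\r\n"

# Constructed body whose first delimiter is right but which never closes
# with the declared boundary.
UNTERMINATED_BODY = "--abc\r\n" \
                    "Content-Disposition: form-data; name=\"user\"\r\n\r\n" \
                    "alice\r\n" \
                    "--xyz--\r\n"

if __FILE__ == $PROGRAM_NAME
  [GOOD_BODY, CVE_SHAPED_BODY, UNTERMINATED_BODY].each do |b|
    puts safe_parse(CONTENT_TYPE, b).inspect
  end
end
```

Running the file prints the outcome for each constructed body: the well-formed one yields two parts, the CVE-shaped one is rejected at the first-delimiter check, and the inconsistently bounded one at the part-termination check. The termination argument is the point: `pos` only ever moves to a position past the delimiter just consumed, and a missing or mismatched delimiter raises instead of re-scanning, so there is no input on which the loop can run without bound. The same function can serve as a pre-filter in front of a legacy script, rejecting any multipart POST for which `parse_multipart` raises before the request reaches cgi.rb.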