REDHAT-BUG-458953
First published: Wed Aug 13 2008(Updated: )
Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2008-3656">CVE-2008-3656</a> to the following vulnerability: Algorithmic complexity vulnerability in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. Refences: <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401</a> <a href="http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/">http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ruby | <=1.8.5>=1.8.5<1.8.6-p286>=1.8.7<1.8.7-p71>=1.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2008-3656
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
- http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314212
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314212&action=edit
- http://admin.fedoraproject.org/updates/ruby-1.8.6.287-2.fc8
- http://admin.fedoraproject.org/updates/ruby-1.8.6.287-2.fc9
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=322637&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=322637&action=edit
- https://access.redhat.com/security/cve/CVE-2008-1145
- https://bugzilla.redhat.com/show_bug.cgi?id=458953
Frequently Asked Questions
What is the severity of REDHAT-BUG-458953?
The severity of REDHAT-BUG-458953 is classified as a moderate risk due to its impact on algorithmic complexity in WEBrick.
How do I fix REDHAT-BUG-458953?
To fix REDHAT-BUG-458953, upgrade Ruby to version 1.9 or later, or apply any available security patches for affected versions.
Which versions of Ruby are affected by REDHAT-BUG-458953?
Ruby versions 1.8.5 and earlier, and specific versions up to 1.8.6-p286 and 1.8.7-p71 are affected by REDHAT-BUG-458953.
Does REDHAT-BUG-458953 affect WEBrick only?
Yes, REDHAT-BUG-458953 is specifically related to an algorithmic complexity vulnerability in WEBrick's DefaultFileHandler.
Is there any public knowledge available about REDHAT-BUG-458953?
Yes, REDHAT-BUG-458953 is documented in multiple security advisories and bug reports that outline the vulnerability.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-3656
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ruby
- canonical/ruby