header-logo
Suggest Exploit
vendor:
Ruby
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Ruby
Affected Version From: Prior to 1.8.3
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Ruby Denial of Service Vulnerability

Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses the vulnerable WEBrick server. This issue allows remote attackers to cause affected webservers to fail to respond to further legitimate requests.

Mitigation:

Upgrade to Ruby version 1.8.3 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17645/info

Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses the vulnerable WEBrick server.

This issue allows remote attackers to cause affected webservers to fail to respond to further legitimate requests.

Ruby versions prior to 1.8.3 are affected by this issue.

The following Ruby command will issue a request sufficient to trigger this issue:

ruby -rsocket -e 'TCPSocket.open("www.example.com", 10080) {|s|
s.print "GET /z HTTP/1.0\r\n\r\n"
sleep
}'

Navigation

Suggest Exploit

Services By CQR