Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.8
CVE Id CVE-2008-4310
Last Modified 21 Aug 2010 12:00:00
Published 08 Dec 2008 07:30:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4310

Summary

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.8.1

  • Ruby-lang Ruby 1.8.5


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=470252

REDHAT - RHSA-2008:0981

MLIST - [oss-security] 20081204 ruby CVE-2008-4310 (Red Hat specific)

SECUNIA - 33013


Last Updated: 27 May 2016 10:48:27