← Retour aux CVEs
CVE-2006-6303
N/ADescription
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
Details CVE
Score CVSS v3.1N/A
Publie12/6/2006
Derniere modification4/23/2026
Sourcenvd
Observations honeypot0
Produits affectes
yukihiro_matsumoto:ruby
Faiblesses (CWE)
CWE-399
References
http://bugs.gentoo.org/show_bug.cgi?id=157048(cve@mitre.org)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287(cve@mitre.org)
http://docs.info.apple.com/article.html?artnum=305530(cve@mitre.org)
http://jvn.jp/jp/JVN%2384798830/index.html(cve@mitre.org)
http://secunia.com/advisories/23165(cve@mitre.org)
http://secunia.com/advisories/23268(cve@mitre.org)
http://secunia.com/advisories/23454(cve@mitre.org)
http://secunia.com/advisories/25402(cve@mitre.org)
http://secunia.com/advisories/27576(cve@mitre.org)
http://secunia.com/advisories/31090(cve@mitre.org)
http://security.gentoo.org/glsa/glsa-200612-21.xml(cve@mitre.org)
http://securitytracker.com/id?1017363(cve@mitre.org)
http://www.redhat.com/support/errata/RHSA-2007-0961.html(cve@mitre.org)
http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h&only_with_tag=MAIN&r1=text&tr1=1.92&r2=text&tr2=1.91(cve@mitre.org)
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/(cve@mitre.org)
http://www.securityfocus.com/bid/21441(cve@mitre.org)
http://www.ubuntu.com/usn/usn-394-1(cve@mitre.org)
http://www.vupen.com/english/advisories/2006/4855(cve@mitre.org)
http://www.vupen.com/english/advisories/2007/1939(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30734(cve@mitre.org)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529(cve@mitre.org)
http://bugs.gentoo.org/show_bug.cgi?id=157048(af854a3a-2127-422b-91ae-364da2661108)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287(af854a3a-2127-422b-91ae-364da2661108)
http://docs.info.apple.com/article.html?artnum=305530(af854a3a-2127-422b-91ae-364da2661108)
http://jvn.jp/jp/JVN%2384798830/index.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23165(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23268(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23454(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25402(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27576(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31090(af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200612-21.xml(af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017363(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:225(af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_4_sr.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0961.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h&only_with_tag=MAIN&r1=text&tr1=1.92&r2=text&tr2=1.91(af854a3a-2127-422b-91ae-364da2661108)
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/21441(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-394-1(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/4855(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1939(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30734(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.