CVE Database


Impact: Moderate
Public: 2008-08-08
Bugzilla: 458953: CVE-2008-3656 ruby: WEBrick DoS vulnerability (CPU consumption)


The MITRE CVE dictionary describes this issue as:

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

Find out more about CVE-2008-3656 from the MITRE CVE dictionary and NIST NVD.

Red Hat security errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux version 4 (ruby) | RHSA-2008:0897 | October 21, 2008 |
| Red Hat Enterprise Linux version 5 (ruby) | RHSA-2008:0897 | October 21, 2008 |


This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.