Ruby Buzz Forum - Ruby CGI.rb DoS vulnerability

Articles |
News |
Weblogs |
Books |
Forums

Artima Forums | Articles | Weblogs | Java Answers | News

Sponsored Link •

Ruby Buzz Forum
Ruby CGI.rb DoS vulnerability

0 replies on 1 page.

Welcome Guest
Sign In

Back to Topic List

Reply to this Topic

Search Forum

Threaded View


Previous Topic		Next Topic

Flat View: This topic has 0 replies on 1 page

Jonathan Weiss

Posts: 146
Nickname: jweiss
Registered: Jan, 2006

Jonathan Weiss is a Ruby and BSD enthusiast

Ruby CGI.rb DoS vulnerability

Posted: Oct 25, 2006 3:21 PM

This post originated from an RSS feed registered with Ruby Buzz by Jonathan Weiss.
Original Post: Ruby CGI.rb DoS vulnerability Feed Title: BlogFish Feed URL: http://blog.innerewut.de/feed/atom.xml Feed Description: Weblog by Jonathan Weiss about Unix, BSD, security, Programming in Ruby, Ruby on Rails and Agile Development.	Latest Ruby Buzz Posts Latest Ruby Buzz Posts by Jonathan Weiss Latest Posts From BlogFish

There seems to be a Denial of Service vulnerability in Ruby's CGI.rb that affects all Ruby applications that use CGI for Mime parsing. That will include all Rails applications that are running on Mongrel or CGI. The only not affected constellations are WEBrick and FastCGI. A malicious URL will cause CGI.rb to use max. CPU in an infinitive loop.

So if your are using Mongrel, hotfix your installation b using the latest pre-release that depends on the monkey-patch to CGI.rb:

sudo gem install mongrel --source=http://mongrel.rubyforge.org/releases

If you are using CGI.rb by other means, install the hotfix-gem and require it:

gem install cgi_multipart_eof_fix --source=http://mongrel.rubyforge.org/releases

More details by Zed Shaw here.

Read: Ruby CGI.rb DoS vulnerability

Previous Topic

Next Topic


	Web Artima.com