CVE-2006-5467

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5467
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P Patch Vendor Advisory
http://docs.info.apple.com/article.html?artnum=305530
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
http://secunia.com/advisories/22615 Patch Vendor Advisory
http://secunia.com/advisories/22624 Patch Vendor Advisory
http://secunia.com/advisories/22761 Patch Vendor Advisory
http://secunia.com/advisories/22929 Patch Vendor Advisory
http://secunia.com/advisories/22932 Vendor Advisory
http://secunia.com/advisories/23040 Patch Vendor Advisory
http://secunia.com/advisories/23344 Patch Vendor Advisory
http://secunia.com/advisories/25402 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200611-12.xml Patch Vendor Advisory
http://securitytracker.com/id?1017194 Patch
http://www.debian.org/security/2006/dsa-1234
http://www.debian.org/security/2006/dsa-1235
http://www.mandriva.com/security/advisories?name=MDKSA-2006:192
http://www.novell.com/linux/security/advisories/2006_26_sr.html Patch Vendor Advisory
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0729.html Patch Vendor Advisory
http://www.securityfocus.com/bid/20777 Patch
http://www.ubuntu.com/usn/usn-371-1 Patch
http://www.vupen.com/english/advisories/2006/4244 Vendor Advisory
http://www.vupen.com/english/advisories/2006/4245 Vendor Advisory
http://www.vupen.com/english/advisories/2007/1939 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P Patch Vendor Advisory
http://docs.info.apple.com/article.html?artnum=305530
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
http://secunia.com/advisories/22615 Patch Vendor Advisory
http://secunia.com/advisories/22624 Patch Vendor Advisory
http://secunia.com/advisories/22761 Patch Vendor Advisory
http://secunia.com/advisories/22929 Patch Vendor Advisory
http://secunia.com/advisories/22932 Vendor Advisory
http://secunia.com/advisories/23040 Patch Vendor Advisory
http://secunia.com/advisories/23344 Patch Vendor Advisory
http://secunia.com/advisories/25402 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200611-12.xml Patch Vendor Advisory
http://securitytracker.com/id?1017194 Patch
http://www.debian.org/security/2006/dsa-1234
http://www.debian.org/security/2006/dsa-1235
http://www.mandriva.com/security/advisories?name=MDKSA-2006:192
http://www.novell.com/linux/security/advisories/2006_26_sr.html Patch Vendor Advisory
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0729.html Patch Vendor Advisory
http://www.securityfocus.com/bid/20777 Patch
http://www.ubuntu.com/usn/usn-371-1 Patch
http://www.vupen.com/english/advisories/2006/4244 Vendor Advisory
http://www.vupen.com/english/advisories/2006/4245 Vendor Advisory
http://www.vupen.com/english/advisories/2007/1939 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185
Configurations

Configuration 1 (hide)

cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*
History

21 Nov 2024, 00:19

Type Values Removed Values Added
References () ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P - Patch, Vendor Advisory () ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P - Patch, Vendor Advisory
References () http://docs.info.apple.com/article.html?artnum=305530 - () http://docs.info.apple.com/article.html?artnum=305530 -
References () http://lists.apple.com/archives/security-announce/2007/May/msg00004.html - () http://lists.apple.com/archives/security-announce/2007/May/msg00004.html -
References () http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html - () http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html -
References () http://secunia.com/advisories/22615 - Patch, Vendor Advisory () http://secunia.com/advisories/22615 - Patch, Vendor Advisory
References () http://secunia.com/advisories/22624 - Patch, Vendor Advisory () http://secunia.com/advisories/22624 - Patch, Vendor Advisory
References () http://secunia.com/advisories/22761 - Patch, Vendor Advisory () http://secunia.com/advisories/22761 - Patch, Vendor Advisory
References () http://secunia.com/advisories/22929 - Patch, Vendor Advisory () http://secunia.com/advisories/22929 - Patch, Vendor Advisory
References () http://secunia.com/advisories/22932 - Vendor Advisory () http://secunia.com/advisories/22932 - Vendor Advisory
References () http://secunia.com/advisories/23040 - Patch, Vendor Advisory () http://secunia.com/advisories/23040 - Patch, Vendor Advisory
References () http://secunia.com/advisories/23344 - Patch, Vendor Advisory () http://secunia.com/advisories/23344 - Patch, Vendor Advisory
References () http://secunia.com/advisories/25402 - Vendor Advisory () http://secunia.com/advisories/25402 - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-200611-12.xml - Patch, Vendor Advisory () http://security.gentoo.org/glsa/glsa-200611-12.xml - Patch, Vendor Advisory
References () http://securitytracker.com/id?1017194 - Patch () http://securitytracker.com/id?1017194 - Patch
References () http://www.debian.org/security/2006/dsa-1234 - () http://www.debian.org/security/2006/dsa-1234 -
References () http://www.debian.org/security/2006/dsa-1235 - () http://www.debian.org/security/2006/dsa-1235 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2006:192 - () http://www.mandriva.com/security/advisories?name=MDKSA-2006:192 -
References () http://www.novell.com/linux/security/advisories/2006_26_sr.html - Patch, Vendor Advisory () http://www.novell.com/linux/security/advisories/2006_26_sr.html - Patch, Vendor Advisory
References () http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html - Patch, Vendor Advisory () http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html - Patch, Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2006-0729.html - Patch, Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2006-0729.html - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/20777 - Patch () http://www.securityfocus.com/bid/20777 - Patch
References () http://www.ubuntu.com/usn/usn-371-1 - Patch () http://www.ubuntu.com/usn/usn-371-1 - Patch
References () http://www.vupen.com/english/advisories/2006/4244 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/4244 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/4245 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/4245 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2007/1939 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/1939 - Vendor Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185 -
Information

Published : 2006-10-27 18:07

Updated : 2024-11-21 00:19

NVD link : CVE-2006-5467

Mitre link : CVE-2006-5467

CVE.ORG link : CVE-2006-5467

JSON object : View

Products Affected

yukihiro_matsumoto

  • ruby
CWE
CWE-399

Resource Management Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024