← Back

CVE-2008-3656

nvd nist
Published: Aug 13, 2008Modified: Apr 23, 2026

JSON object

Loading...
7.8
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:C
Exploitability: 10.0 / Impact: 6.9
Source: NVD

Description

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

Affected (43)

Products: Ruby Lang: Ruby
Ruby Lang
1 product
Ruby
Configuration A
43 vulnerable
Vulnerable SoftwareAffected Versions
Ruby Lang
Ruby
Up to 1.8.5
Ruby
Version 1.6.8
Ruby
Version 1.8.0
Ruby
Version 1.8.1
Ruby
Version 1.8.1 -9
Ruby
Version 1.8.2
Ruby
Version 1.8.2 preview2
Ruby
Version 1.8.2 preview3
Ruby
Version 1.8.2 preview4
Ruby
Version 1.8.3
Ruby
Version 1.8.3 preview1
Ruby
Version 1.8.3 preview2
Ruby
Version 1.8.3 preview3
Ruby
Version 1.8.4
Ruby
Version 1.8.4 preview1
Ruby
Version 1.8.4 preview2
Ruby
Version 1.8.4 preview3
Ruby
Version 1.8.5 p113
Ruby
Version 1.8.5 p115
Ruby
Version 1.8.5 p11
Ruby
Version 1.8.5 p12
Ruby
Version 1.8.5 p2
Ruby
Version 1.8.5 p35
Ruby
Version 1.8.5 preview1
Ruby
Version 1.8.5 preview2
Ruby
Version 1.8.5 preview3
Ruby
Version 1.8.5 preview4
Ruby
Version 1.8.5 preview5
Ruby
Version 1.8.6
Ruby
Version 1.8.6 p110
Ruby
Version 1.8.6 p114
Ruby
Version 1.8.6 preview1
Ruby
Version 1.8.6 preview2
Ruby
Version 1.8.6 preview3
Ruby
Version 1.8.7
Ruby
Version 1.8.7 p17
Ruby
Version 1.8.7 p22
Ruby
Version 1.8.7 p71
Ruby
Version 1.8.7 preview1
Ruby
Version 1.8.7 preview2
Ruby
Version 1.8.7 preview3
Ruby
Version 1.8.7 preview4
Ruby
Version 1.9.0

Related CWEs

CWE-399
CWE-399

References (60)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
US Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.