CVE-2008-4310

Published: Dec 9, 2008Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.

Affected (2)

Products: Ruby Lang: Ruby

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ruby Lang Ruby	Version 1.8.1
Ruby Lang Ruby	Version 1.8.5

Related CWEs

References (10)

http://secunia.com/advisories/33013

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2008/12/04/2

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0981.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=470252

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250

Source: secalert@redhat.com

http://secunia.com/advisories/33013

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2008/12/04/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2008-0981.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=470252

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.