CVE

CVE-2006-6303
Date: (C)2006-12-06   (M)2023-12-22


The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1017363
BID-21441
SECUNIA-23165
SECUNIA-23268
SECUNIA-23454
SECUNIA-25402
SECUNIA-27576
SECUNIA-31090
ADV-2006-4855
ADV-2007-1939
APPLE-SA-2007-05-24
GLSA-200612-21
JVN#84798830
MDKSA-2006:225
RHSA-2007:0961
SUSE-SR:2007:004
USN-394-1
http://bugs.gentoo.org/show_bug.cgi?id=157048
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287
http://docs.info.apple.com/article.html?artnum=305530
http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h&only_with_tag=MAIN&r1=text&tr1=1.92&r2=text&tr2=1.91
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
ruby-cgi-library-dos(30734)

CWE    1
CWE-399

© SecPod Technologies