1.8.5

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ruby-lang

CWE-399

nessus

exploit available

NVD

Published: 2008-12-09

Updated: 2023-11-07

Summary

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.

Vulnerable Configurations

Part	Description	Count
Application	Ruby-Lang Ruby Lang Ruby 1.8.5 Ruby Lang Ruby 1.8.1	2

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Exploit-Db

description	Ruby 1.9 WEBrick::HTTP::DefaultFileHandler Crafted HTTP Request DoS. CVE-2008-3656,CVE-2008-4310. Dos exploits for multiple platform
id	EDB-ID:32222
last seen	2016-02-03
modified	2008-08-11
published	2008-08-11
reporter	Keita Yamaguchi
source	https://www.exploit-db.com/download/32222/
title	Ruby <= 1.9 WEBrick::HTTP::DefaultFileHandler Crafted HTTP Request DoS

Nessus

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0897.NASL
description	From Red Hat Security Advisory 2008:0897 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby
last seen	2020-06-01
modified	2020-06-02
plugin id	67752
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67752
title	Oracle Linux 4 / 5 : ruby (ELSA-2008-0897)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0981.NASL
description	From Red Hat Security Advisory 2008:0981 : Updated ruby packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897 did not properly address a denial of service flaw in the WEBrick (Ruby HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a remote attacker to send a specially crafted HTTP request to a WEBrick server that would cause the server to use excessive CPU time. This update properly addresses this flaw. (CVE-2008-4310) All Ruby users should upgrade to these updated packages, which contain a correct patch that resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	67767
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67767
title	Oracle Linux 4 / 5 : ruby (ELSA-2008-0981)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0897.NASL
description	Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby
last seen	2020-06-01
modified	2020-06-02
plugin id	34466
published	2008-10-22
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/34466
title	RHEL 4 / 5 : ruby (RHSA-2008:0897)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0897.NASL
description	Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby
last seen	2020-06-01
modified	2020-06-02
plugin id	34502
published	2008-10-28
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/34502
title	CentOS 4 / 5 : ruby (CESA-2008:0897)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20081204_RUBY_ON_SL4_X.NASL
description	Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897 did not properly address a denial of service flaw in the WEBrick (Ruby HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a remote attacker to send a specially crafted HTTP request to a WEBrick server that would cause the server to use excessive CPU time. This update properly addresses this flaw. (CVE-2008-4310)
last seen	2020-06-01
modified	2020-06-02
plugin id	60502
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60502
title	Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0981.NASL
description	Updated ruby packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897 did not properly address a denial of service flaw in the WEBrick (Ruby HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a remote attacker to send a specially crafted HTTP request to a WEBrick server that would cause the server to use excessive CPU time. This update properly addresses this flaw. (CVE-2008-4310) All Ruby users should upgrade to these updated packages, which contain a correct patch that resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	35263
published	2008-12-26
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35263
title	CentOS 4 / 5 : ruby (CESA-2008:0981)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0981.NASL
description	Updated ruby packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897 did not properly address a denial of service flaw in the WEBrick (Ruby HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a remote attacker to send a specially crafted HTTP request to a WEBrick server that would cause the server to use excessive CPU time. This update properly addresses this flaw. (CVE-2008-4310) All Ruby users should upgrade to these updated packages, which contain a correct patch that resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	35038
published	2008-12-05
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35038
title	RHEL 4 / 5 : ruby (RHSA-2008:0981)

Oval

accepted

2013-04-29T04:04:01.547-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10250

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	470252
title	CVE-2008-4310 ruby: Incomplete fix for CVE-2008-3656

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment ruby is earlier than 0:1.8.1-7.el4_7.2
oval oval:com.redhat.rhsa:tst:20080981001
comment ruby is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060427010
AND
comment irb is earlier than 0:1.8.1-7.el4_7.2
oval oval:com.redhat.rhsa:tst:20080981003
comment irb is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060427004
AND
comment ruby-docs is earlier than 0:1.8.1-7.el4_7.2
oval oval:com.redhat.rhsa:tst:20080981005
comment ruby-docs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060427012
AND
comment ruby-libs is earlier than 0:1.8.1-7.el4_7.2
oval oval:com.redhat.rhsa:tst:20080981007
comment ruby-libs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060427006
AND
comment ruby-mode is earlier than 0:1.8.1-7.el4_7.2
oval oval:com.redhat.rhsa:tst:20080981009
comment ruby-mode is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060427002
AND
comment ruby-devel is earlier than 0:1.8.1-7.el4_7.2
oval oval:com.redhat.rhsa:tst:20080981011
comment ruby-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060427014
AND
comment ruby-tcltk is earlier than 0:1.8.1-7.el4_7.2
oval oval:com.redhat.rhsa:tst:20080981013
comment ruby-tcltk is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060427008

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment ruby-docs is earlier than 0:1.8.5-5.el5_2.6
oval oval:com.redhat.rhsa:tst:20080981016
comment ruby-docs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965012
AND
comment ruby-libs is earlier than 0:1.8.5-5.el5_2.6
oval oval:com.redhat.rhsa:tst:20080981018
comment ruby-libs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965014
AND
comment ruby-mode is earlier than 0:1.8.5-5.el5_2.6
oval oval:com.redhat.rhsa:tst:20080981020
comment ruby-mode is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965016
AND
comment ruby-rdoc is earlier than 0:1.8.5-5.el5_2.6
oval oval:com.redhat.rhsa:tst:20080981022
comment ruby-rdoc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965018
AND
comment ruby-ri is earlier than 0:1.8.5-5.el5_2.6
oval oval:com.redhat.rhsa:tst:20080981024
comment ruby-ri is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965002
AND
comment ruby-devel is earlier than 0:1.8.5-5.el5_2.6
oval oval:com.redhat.rhsa:tst:20080981026
comment ruby-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965004
AND
comment ruby-tcltk is earlier than 0:1.8.5-5.el5_2.6
oval oval:com.redhat.rhsa:tst:20080981028
comment ruby-tcltk is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965006
AND
comment ruby-irb is earlier than 0:1.8.5-5.el5_2.6
oval oval:com.redhat.rhsa:tst:20080981030
comment ruby-irb is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965008
AND
comment ruby is earlier than 0:1.8.5-5.el5_2.6
oval oval:com.redhat.rhsa:tst:20080981032
comment ruby is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070965010

rhsa

id	RHSA-2008:0981
released	2008-12-04
severity	Moderate
title	RHSA-2008:0981: ruby security update (Moderate)

rpms

irb-0:1.8.1-7.el4_7.2
ruby-0:1.8.1-7.el4_7.2
ruby-0:1.8.5-5.el5_2.6
ruby-debuginfo-0:1.8.1-7.el4_7.2
ruby-debuginfo-0:1.8.5-5.el5_2.6
ruby-devel-0:1.8.1-7.el4_7.2
ruby-devel-0:1.8.5-5.el5_2.6
ruby-docs-0:1.8.1-7.el4_7.2
ruby-docs-0:1.8.5-5.el5_2.6
ruby-irb-0:1.8.5-5.el5_2.6
ruby-libs-0:1.8.1-7.el4_7.2
ruby-libs-0:1.8.5-5.el5_2.6
ruby-mode-0:1.8.1-7.el4_7.2
ruby-mode-0:1.8.5-5.el5_2.6
ruby-rdoc-0:1.8.5-5.el5_2.6
ruby-ri-0:1.8.5-5.el5_2.6
ruby-tcltk-0:1.8.1-7.el4_7.2
ruby-tcltk-0:1.8.5-5.el5_2.6

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Nessus

Oval

Redhat

References