Ruby.WEBrick.DoS
Description
This indicates an attack attempt against a denial-of-service vulnerability in Ruby implementations.
This vulnerability is caused by requests that take exponential time to process in WEBrick::HTTP::DefaultFileHandler, due to a backtracking regular expression in WEBrick::HTTPUtils.split_header_value. This may cause a denial-of-service condition.
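An added illustration, not code from WEBrick or from this advisory: a single-pass splitter for comma-separated header values, showing how that parsing job can be done in time linear in the input instead of with a backtracking regular expression. The function name split_header_value_linear and the sample string are assumptions made for the example.

```ruby
require "strscan"

# Hypothetical helper (not WEBrick's API): split a comma-separated header
# value into elements, keeping commas that sit inside quoted strings.
# Every branch consumes at least one character and the scanner never
# rewinds, so the total work is linear in the input length.
def split_header_value_linear(value)
  scanner = StringScanner.new(value)
  elements = []
  current = +""
  until scanner.eos?
    if scanner.scan(/"/)
      current << '"'
      # Inside a quoted string: copy up to the closing quote, honouring
      # backslash escapes. An unterminated quote runs to end of input.
      until scanner.eos?
        if (chunk = scanner.scan(/[^"\\]+/))
          current << chunk
        elsif (escaped = scanner.scan(/\\./m))
          current << escaped
        elsif scanner.scan(/"/)
          current << '"'
          break
        else
          current << scanner.getch # lone backslash at end of input
        end
      end
    elsif scanner.scan(/,/)
      # An unquoted comma ends the current element; empty ones are dropped.
      elements << current.strip unless current.strip.empty?
      current = +""
    else
      current << scanner.scan(/[^",]+/)
    end
  end
  elements << current.strip unless current.strip.empty?
  elements
end

# Constructed sample header value (not taken from real traffic).
SAMPLE_HEADER = 'text/html, "a,b";q=0.8, W/"etag\"x"'

if __FILE__ == $PROGRAM_NAME
  split_header_value_linear(SAMPLE_HEADER).each { |element| puts element }
end
```

None of the patterns used here nests one quantifier inside another, which is the construct that lets a regular expression engine retry the same input in exponentially many ways.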
Affected Products
Ruby 1.8.5
Ruby 1.8.6-p286
Ruby 1.8.7-p71
Ruby 1.9 r18423
Impact
Denial of Service
Recommended Actions
For the 1.8 series:
Please upgrade to 1.8.6-p287, or 1.8.7-p72.
For the 1.9 series:
Please check out the latest version using Subversion.
Coverage
IPS (Regular DB)
IPS (Extended DB)