Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby WEBrick::HTTPUtils.split_header_value Denial-of-Service Vulnerability
Vulnerability Description
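Ruby is a powerful object-oriented scripting language. Multiple Ruby versions (1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through 1.9 r18423) contain a denial-of-service vulnerability. Because of an algorithmic weakness in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler, a remote attacker can exhaust CPU resources and cause a denial of service via a crafted HTTP request that is processed by a backtracking regular expression.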
CVSS Information
N/A
Vulnerability Type
N/A