CVE-2004-0983

medium

Description

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

References

http://www.debian.org/security/2004/dsa-586

http://www.mandriva.com/security/advisories?name=MDKSA-2004:128

http://www.redhat.com/support/errata/RHSA-2004-635.html

http://www.securityfocus.com/bid/11618

https://exchange.xforce.ibmcloud.com/vulnerabilities/17985

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268

https://usn.ubuntu.com/20-1/

Details

Source: MITRE

Published: 2005-03-01

Updated: 2018-10-03

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|----|------|---------|--------|----------|
| 38113 | FreeBSD : ruby -- CGI DoS (d656296b-33ff-11d9-a9e7-0001020eed82) | Nessus | FreeBSD Local Security Checks | medium |
| 27980 | Ubuntu 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-394-1) | Nessus | Ubuntu Local Security Checks | medium |
| 27952 | Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-371-1) | Nessus | Ubuntu Local Security Checks | medium |
| 24609 | Mandrake Linux Security Advisory : ruby (MDKSA-2006:225) | Nessus | Mandriva Local Security Checks | medium |
| 24577 | Mandrake Linux Security Advisory : ruby (MDKSA-2006:192) | Nessus | Mandriva Local Security Checks | medium |
| 23847 | Debian DSA-1234-1 : ruby1.6 - denial of service | Nessus | Debian Local Security Checks | medium |
| 20615 | Ubuntu 4.10 : ruby1.8 vulnerability (USN-20-1) | Nessus | Ubuntu Local Security Checks | medium |
| 15945 | RHEL 2.1 / 3 : ruby (RHSA-2004:635) | Nessus | Red Hat Local Security Checks | medium |
| 15810 | FreeBSD : ruby -- CGI DoS (171) | Nessus | FreeBSD Local Security Checks | medium |
| 15724 | GLSA-200411-23 : Ruby: Denial of Service issue | Nessus | Gentoo Local Security Checks | medium |
| 15710 | Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS | Nessus | CGI abuses | medium |
| 15684 | Debian DSA-586-1 : ruby - infinite loop | Nessus | Debian Local Security Checks | medium |
| 15650 | Mandrake Linux Security Advisory : ruby (MDKSA-2004:128) | Nessus | Mandriva Local Security Checks | medium |