Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS

medium Nessus Plugin ID 15710

Synopsis

The remote web server is hosting a CGI application that is affected by a denial of service vulnerability.

Description

The 'cgi.rb' CGI is installed. Some versions are vulnerable to a remote denial of service.

By sending a specially crafted HTTP POST request, a malicious user can force the remote host to consume a large amount of CPU resources.

*** Warning: Nessus relied solely on the presence of this CGI; it did not determine whether your specific version is vulnerable to that problem. ***

Solution

Upgrade to Ruby 1.8.1 or later

See Also

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:128

http://www.novell.com/linux/security/advisories/2005_04_sr.html

https://usn.ubuntu.com/394-1/

Plugin Details

Severity: Medium

ID: 15710

File Name: cgi_rb.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 11/13/2004

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/8/2004

Reference Information

CVE: CVE-2004-0983

BID: 11618

DSA: 586

GLSA: 200612-21

RHSA: 2004:635