FreeBSD : ruby -- cgi.rb library Denial of Service (ab8dbe98-6be4-11db-ae91-0012f06707f0)
Medium Nessus Plugin ID 22938
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Official ruby site reports:
A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and has an invalid boundary specifier that begins with '-' instead of '--'.
Once triggered, it will exhaust all available memory resources, effectively creating a DoS condition.
Solution
Update the affected packages.