PT-2018-3275 · Ruby+5 · Webrick+6
Eric Wong
·
Publicado
2018-03-28
·
Atualizado
2020-06-09
·
CVE-2018-8777
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Ruby versions prior to 2.2.10
Ruby versions 2.3.x prior to 2.3.7
Ruby versions 2.4.x prior to 2.4.4
Ruby versions 2.5.x prior to 2.5.1
Ruby version 2.6.0-preview1
Description
The issue is related to uncontrolled resource consumption in the WEBrick library of the Ruby programming language. An attacker can exploit this by sending a large HTTP request with a crafted header to the WEBrick server or a crafted body to the WEBrick server/handler, causing a denial of service due to memory consumption.
Recommendations
For Ruby versions prior to 2.2.10, update to version 2.2.10 or later.
For Ruby versions 2.3.x prior to 2.3.7, update to version 2.3.7 or later.
For Ruby versions 2.4.x prior to 2.4.4, update to version 2.4.4 or later.
For Ruby versions 2.5.x prior to 2.5.1, update to version 2.5.1 or later.
For Ruby version 2.6.0-preview1, update to a later version.
Exploit
Correção
DoS
Resource Exhaustion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Red Hat
Ruby
Suse
Ubuntu
Webrick