Ruby · WEBrick · CVE-2008-3656
**Name of the Vulnerable Software and Affected Versions**
Ruby versions 1.8.5 and earlier
Ruby versions 1.8.6 through 1.8.6-p286
Ruby versions 1.8.7 through 1.8.7-p71
Ruby versions 1.9 through r18423
libruby1.9-dbg (affected versions not specified)
libruby1.9 (affected versions not specified)
ri1.9 (affected versions not specified)
**Description**
The issue is related to multiple vulnerabilities in the Ruby package. It can lead to a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression in the `WEBrick::HTTPUtils.split_header_value` function. The vulnerabilities can be exploited remotely, potentially disrupting the availability of protected information.
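Scanning the header value once, character by character, avoids the backtracking regular expression altogether. The following is an added example, not WEBrick's code and not the fix shipped by the Ruby project: it splits a comma-separated header value in a single pass and rejects oversized input. The name `split_header_value_linear` and the 8192-byte cap are assumptions.

```ruby
# Added example (not WEBrick's implementation): split a comma-separated HTTP
# header value in one left-to-right pass, so work grows linearly with length.
MAX_HEADER_VALUE_BYTES = 8192 # assumed cap; pick one that fits your deployment

def split_header_value_linear(str)
  # Bound the input before doing any parsing work.
  raise ArgumentError, "header value too long" if str.bytesize > MAX_HEADER_VALUE_BYTES

  items = []
  current = +""
  in_quotes = false
  escaped = false

  str.each_char do |ch|
    if escaped                 # character following a backslash inside quotes
      current << ch
      escaped = false
    elsif in_quotes
      current << ch
      if ch == "\\"
        escaped = true
      elsif ch == '"'
        in_quotes = false      # closing quote ends the quoted string
      end
    elsif ch == '"'
      in_quotes = true
      current << ch
    elsif ch == ","            # a comma separates items only outside quotes
      items << current.strip
      current = +""
    else
      current << ch
    end
  end

  items << current.strip       # final item; an unterminated quote simply ends here
  items.reject(&:empty?)
end
```

Each character is visited exactly once and no state is ever revisited, so an unterminated quote or a long run of ordinary characters costs no more than any other input of the same length.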
**Recommendations**
For Ruby versions 1.8.5 and earlier, update to a version later than 1.8.5.
For Ruby versions 1.8.6 through 1.8.6-p286, update to a version later than 1.8.6-p286.
For Ruby versions 1.8.7 through 1.8.7-p71, update to a version later than 1.8.7-p71.
For Ruby versions 1.9 through r18423, update to a version later than r18423.
For libruby1.9-dbg, libruby1.9, and ri1.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.