Exploitable Denial of Service in Ruby's cgi.rb Library
Posted by Daniel Butler Wed, 25 Oct 2006 22:24:00 GMT
Zed Shaw, author of Mongrel, has provided a fix for the exploitable error in Ruby’s cgi.rb library. The error occurs when incorrectly crafted MIME boundaries for multipart uploads cause cgi.rb to loop infinitely waiting for input.
The following servers are affected:
- Mongrel
- Lightspeed
- CGI Standalone
- Any other server using cgi.rb
If you’re running any of these, you may want to upgrade or patch. More information on the error can be found in Zed’s post to the Ruby on Rails forum.
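The failure mode described above, shown as an added Ruby example that is neither cgi.rb's code nor Zed Shaw's patch: a boundary-scanning read loop that fails closed instead of waiting forever when the declared boundary never appears. The helper names, error class and sample bodies are hypothetical and constructed for illustration.

```ruby
require "stringio"

# Hypothetical error class and helper (not part of cgi.rb).
class BadMultipartBody < StandardError; end

# Read from `io` until the closing delimiter "--<boundary>--" is seen.
# Two guards keep the loop from spinning on a malformed or truncated body.
def read_until_closing_boundary(io, boundary, content_length, chunk_size: 8192)
  closing = "--#{boundary}--"
  buf = String.new            # binary buffer
  remaining = content_length
  until buf.include?(closing)
    # Guard 1: never read past the declared Content-Length.
    raise BadMultipartBody, "closing boundary not found within Content-Length" if remaining <= 0
    chunk = io.read([chunk_size, remaining].min)
    # Guard 2: nil or empty read means no more data will arrive; without
    # this check the loop would keep waiting for a boundary that never comes.
    raise BadMultipartBody, "input ended before closing boundary" if chunk.nil? || chunk.empty?
    remaining -= chunk.bytesize
    buf << chunk
  end
  buf
end

# Constructed sample body: one form field wrapped in the given boundary.
def sample_body(boundary_in_body)
  "--#{boundary_in_body}\r\n" \
  "Content-Disposition: form-data; name=\"f\"\r\n\r\n" \
  "hello\r\n" \
  "--#{boundary_in_body}--\r\n"
end

# Returns :ok on success, or the rejection reason as a string.
def try_parse(body, declared_boundary, content_length = body.bytesize)
  read_until_closing_boundary(StringIO.new(body), declared_boundary,
                              content_length, chunk_size: 16)
  :ok
rescue BadMultipartBody => e
  e.message
end
```

A server front end would map `BadMultipartBody` to a 400 response and close the connection, so a request with a mismatched boundary costs one bounded read instead of a stuck worker.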

