http://www.yup.com/articles/2006/10/25/exploitable-denial-of-service-in-rubys-cgi-rb-library en-us 40 Advanced Web Services <p><img style="float: right; margin: 4px; padding: 4px; border: 1px dotted #ccc;" src="http://static.flickr.com/11/13267551_49bda05e0e_m.jpg" /> Zed Shaw, author of <a href="http://mongrel.rubyforge.org/">Mongrel</a>, has provided a fix for the exploitable error in Ruby&#8217;s cgi.rb library. The error occurs when incorrectly crafted MIME boundaries for multipart uploads causes cgi.rb to loop infinitely waiting for input. </p> <p>The following servers are affected:</p> <ul> <li>Mongrel</li> <li>Lightspeed</li> <li>CGI Standalone</li> <li>Any other server using cgi.rb</li> </ul> <p>If you&#8217;re running any of these, you may want to upgrade or patch. More information on the error can be found in <a href="http://www.ruby-forum.com/topic/85966">Zed&#8217;s post</a> to the Ruby on Rails forum.</p> Wed, 25 Oct 2006 18:24:00 -0400 urn:uuid:832d1512-d859-4367-9e57-0aec9c561be0 Daniel Butler http://www.yup.com/articles/2006/10/25/exploitable-denial-of-service-in-rubys-cgi-rb-library Ruby on Rails