A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467) Redhat announcement: https://rhn.redhat.com/errata/RHSA-2006-0729.html I think both FC3 and FC4 need patches.