Red Hat Bugzilla – Bug 214909
Ruby CGI multipart parsing DoS - CVE-2006-5467
Last modified: 2007-07-16 06:52:04 EDT
A flaw was discovered in the way Ruby's CGI module handles certain
multipart/form-data MIME data. If a remote attacker sends a specially
crafted multipart/form-data request, it is possible to cause the Ruby
CGI script to enter an infinite loop, causing a denial of service.
I think both FC3 and FC4 need patches.