Red Hat Bugzilla – Bug 218289
CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS
Last modified: 2007-11-30 17:11:50 EST
+++ This bug was initially created as a clone of Bug #218287 +++
Description of problem:
JVN#84798830 described a problem in cgi.rb, which results in an infinite loop after
a certain HTTP request. While the original advisory is in Japan, you might want to
translate it with Babelfish. Anyways, it doesn't contain any useful information.
The upstream corrected the problem immediately in CVS and even released a new
package with patchlevel of 2.
Version-Release number of selected component (if applicable):
All supported versions (RHEL 2.1 to 5, and both FC 5 and FC 6) seem to contain
the vulnerable code.
The translated JVN advisory:
-- Additional comment from email@example.com on 2006-12-04 09:09 EST --
Created an attachment (id=142732)
Upstream patch for ruby cgi.rb DoS
fixed in 126.96.36.199-1.fc6 and 188.8.131.52-1.fc5.
ruby-184.108.40.206-1.fc6 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.