Description

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

Remediation

References

CVE-2008-3656

Related Vulnerabilities

WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)

MySQL CVE-2014-2431 Vulnerability (CVE-2014-2431)

WordPress Plugin WP Customer Reviews Unspecified Vulnerability (3.0.7)

OpenSSL Resource Management Errors Vulnerability (CVE-2010-2939)

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35360)

Severity

High

Classification

CVE-2008-3656

Tags

Missing Update Known Vulnerabilities