CVE-2004-0983
Ruby 1.6-1.6.8 and 1.8-1.8.2 - Denial of Service via HTTP Request
Title source: llmDescription
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
References (7)
Core References
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2004-635.html
Vendor Advisory (vendor-advisory, x_refsource_mandrake): http://www.mandriva.com/security/advisories?name=MDKSA-2004:128
Patch, Vendor Advisory (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/11618
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): https://usn.ubuntu.com/20-1/
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2004/dsa-586
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/17985
Scores
EPSS: 0.0112
EPSS Percentile: 78.5%
Details
Status: published
Products (12)
gentoo/linux
mandrakesoft/mandrake_linux 9.2 (2 CPE variants)
mandrakesoft/mandrake_linux 10.0 (2 CPE variants)
mandrakesoft/mandrake_linux 10.1 (2 CPE variants)
mandrakesoft/mandrake_linux_corporate_server 2.1 (2 CPE variants)
ubuntu/ubuntu_linux 4.1 (2 CPE variants)
yukihiro_matsumoto/ruby 1.6
yukihiro_matsumoto/ruby 1.6.7
yukihiro_matsumoto/ruby 1.8
yukihiro_matsumoto/ruby 1.8.1
... and 2 more
Published: Mar 01, 2005
Tracked Since: Feb 18, 2026